CVE-2023-28701

CRITICAL 9.8

ELITE Web Fax - SQL Injection

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

ELITE TECHNOLOGY CORP. Web Fax has a vulnerability of SQL Injection. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to perform arbitrary system commands, disrupt service or terminate service.

CWE	CWE-89
Vendor	elite
Product	web fax
Published	Jun 2, 2023
Last Updated	Jan 8, 2025

Stay Ahead of the Next One

Get instant alerts for elite web fax

Be the first to know when new critical vulnerabilities affecting elite web fax are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

ELITE / Web Fax

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

twcert.org.tw: https://www.twcert.org.tw/tw/cp-132-7145-1a0d4-1.html

Credits

Huang Yu Ze (CHT Security)