A CVSS v3 base score of 8.8 has been calculated the CVSS vector string is ( AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information.ĬVE-2022-2136 has been assigned to this vulnerability. 3.2.2 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89 A CVSS v3 base score of 7.5 has been calculated the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information.ĬVE-2022-2135 has been assigned to this vulnerability. Advantech iView: All versions prior to 5_7_04_6469ģ.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89.The following versions of Advantech iView management software are affected: Successful exploitation of these vulnerabilities could allow an attacker to read or modify sensitive data, disclose information, or execute arbitrary code. Vulnerabilities: SQL Injection, Missing Authentication for Critical Function, Relative Path Traversal, Command Injection.
ATTENTION: Exploitable remotely/low attack complexity.
0 kommentar(er)
