CVE-2013-3578

Name of the Vulnerable Software and Affected Versions Wave EMBASSY Remote Administration Server (ERAS) (affected versions not specified)

Description The issue allows remote authenticated users to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter, which is the search field in the Help Desk application. This can lead to the execution of operating-system commands.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.