CVE-2017-12710

Name of the Vulnerable Software and Affected Versions Advantech WebAccess versions prior to V8.2 20170817

Description A SQL Injection issue was discovered, allowing an attacker to inject arbitrary SQL statements by submitting a specially crafted parameter. This could enable the attacker to obtain sensitive information.

Recommendations For versions prior to V8.2 20170817, update to version V8.2 20170817 or later to resolve the issue. As a temporary workaround, consider restricting access to the SQL database to minimize the risk of exploitation. Avoid using user-supplied input in SQL queries until the issue is resolved.