CVE-2017-9848

Name of the Vulnerable Software and Affected Versions Easysite version 7.0

Description The issue allows remote attackers to execute arbitrary SQL commands via a crafted XML document. This is achieved by manipulating the ArticleIDs element within the GetArticleHitsArray element in the C InfoService.asmx file, part of the WebServices component.

Recommendations For Easysite version 7.0, consider restricting access to the C InfoService.asmx file until a patch is available. As a temporary workaround, avoid using the ArticleIDs element within the GetArticleHitsArray element in XML documents to minimize the risk of exploitation.