PT-2019-12860 · Xpert Solution · Xpert Solution Server Status By Hostname/Ip
Publicado
2019-07-03
·
Atualizado
2019-12-02
·
CVE-2019-12570
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Xpert Solution "Server Status by Hostname/IP" plugin version 4.6
Description
A SQL injection issue allows an authenticated user to execute arbitrary SQL commands via GET parameters.
Recommendations
For Xpert Solution "Server Status by Hostname/IP" plugin version 4.6, consider disabling the plugin until a patch is available to prevent exploitation. Restrict access to the plugin's functionality to minimize the risk of arbitrary SQL command execution.
Exploit
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Xpert Solution Server Status By Hostname/Ip