CVE-2015-3947

Name of the Vulnerable Software and Affected Versions Advantech WebAccess versions prior to 8.1

Description The issue allows remote authenticated users to execute arbitrary SQL commands. This is due to insufficient protection of the SQL query structure during authentication, which enables SQL code injection. Exploitation of this issue may allow a remote attacker to execute arbitrary SQL commands and modify web server settings, accounts, and projects.

Recommendations For Advantech WebAccess versions prior to 8.1, update to version 8.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the SQL query structure to minimize the risk of exploitation.