CVE-2018-9245

Name of the Vulnerable Software and Affected Versions Ericsson-LG iPECS NMS (affected versions not specified)

Description The issue is related to a lack of protection for the SQL query structure, allowing for SQL injection. This can be exploited by a remote attacker to bypass the authentication procedure and execute arbitrary code using the id and passwd parameters by sending HTTP POST requests. The vulnerability enables attackers to bypass the login page and execute remote code on the operating system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.