PT-2019-11586 · Microsoft+1 · Mssql+1

P0W1 · Published 2019-05-31 · Updated 2019-06-03 · CVE-2019-10123

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Advanced InfoData Systems (AIS) ESEL-Server version 67
Description: The issue allows an anonymous attacker to execute arbitrary code in the context of the user of the MSSQL database. The default user for the database is the sa user.
Recommendations: For Advanced InfoData Systems (AIS) ESEL-Server version 67, consider restricting access to the MSSQL database to minimize the risk of exploitation. As a temporary workaround, limit the privileges of the sa user until a patch is available.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2019-10123

Affected Products

Esel-Server
Mssql