PT-2019-12860 · Xpert Solution · Xpert Solution Server Status By Hostname/Ip

Published: 2019-07-03 · Updated: 2019-12-02 · CVE-2019-12570

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Xpert Solution "Server Status by Hostname/IP" plugin version 4.6

Description: A SQL injection issue allows an authenticated user to execute arbitrary SQL commands via GET parameters.

Recommendations: For Xpert Solution "Server Status by Hostname/IP" plugin version 4.6, consider disabling the plugin until a patch is available to prevent exploitation. Restrict access to the plugin's functionality to minimize the risk of arbitrary SQL command execution.

Exploit

Fix

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2019-12570

Affected Products

Xpert Solution Server Status By Hostname/Ip