CVE-2019-15016

Name of the Vulnerable Software and Affected Versions Zingbox Inspector versions 1.288 and earlier

Description The issue is related to an SQL injection vulnerability in the management interface, allowing unsanitized data from an authenticated user to be passed into the database. This vulnerability is associated with a lack of protection for the SQL query structure, which could allow a remote attacker to disclose protected information.

Recommendations For Zingbox Inspector versions 1.288 and earlier, consider restricting access to the management interface until a fix is available. As a temporary workaround, limit the input data that can be passed from the web UI into the database to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.