CVE-2019-18234

Name of the Vulnerable Software and Affected Versions Equinox Control Expert versions all

Description The issue is related to a lack of protection for the SQL query structure, which can be exploited by sending specially crafted SQL queries to the database. This may allow a remote attacker to gain unauthorized access to protected information. The exploitation of this issue can also enable an attacker to remotely execute arbitrary code.

Recommendations For all versions, apply the necessary security patches or updates to protect against SQL injection attacks. As a temporary workaround, consider restricting access to the database to minimize the risk of exploitation. Avoid using user-supplied input in SQL queries until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.