PT-2020-14719 · Loway · Queuemetrics
Published
2020-08-13
·
Updated
2020-08-19
·
CVE-2020-15925
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Loway QueueMetrics versions prior to 19.10.21
Description
A SQL injection issue exists at a tpf URI, allowing remote authenticated attackers to execute arbitrary SQL commands via the
TPF XPAR1 parameter.Recommendations
For versions prior to 19.10.21, update to version 19.10.21 or later to resolve the issue. As a temporary workaround, consider restricting access to the tpf URI to minimize the risk of exploitation. Avoid using the
TPF XPAR1 parameter in the affected URI until the issue is resolved.Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Queuemetrics