PT-2020-9781 · Unknown · Enigma Nms

Published 2020-03-19 · Updated 2020-03-23 · CVE-2019-16065

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Enigma NMS versions 65.0.0 and prior

Description

A remote SQL injection issue was discovered in the web application, allowing an attacker to execute SQL commands. This can expose and compromise the web server, reveal database tables and values, and potentially execute system-based commands as the mysql user. The `search_pattern` value of the `manage_hosts_short.cgi` script is affected.

Recommendations

For Enigma NMS versions 65.0.0 and prior, consider restricting access to the `manage_hosts_short.cgi` script until a fix is available. As a temporary workaround, avoid using the `search_pattern` value in the affected script to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2019-16065

Affected Products

Enigma Nms