PT-2022-12239 · Unknown · Active Intelligent Visualization
Renato Cruz +1
Published: 2022-09-09 · Updated: 2022-09-15
CVE-2021-44835
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Active Intelligent Visualization version 5
Description
An issue was discovered where the Vdc header is used in a SQL query without being sanitized, causing SQL injection.
Recommendations
For Active Intelligent Visualization version 5, until a patch is available, consider sanitizing the Vdc header before it is used in SQL queries to prevent SQL injection. As a temporary workaround, restrict access to SQL queries that use the Vdc header to minimize the risk of exploitation.
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Active Intelligent Visualization