PT-2022-7726 · Telecommunication · Samwin Contact Center Suite+1

Max Moser

Published

2022-05-24

Updated

2022-06-08

CVE-2013-10003

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Telecommunication Software SAMwin Contact Center Suite version 5.1

Description A critical issue has been found in the software, affecting the getCurrentDBVersion function in the SAMwinLIBVB.dll library of the database handler. This leads to sql injection. The issue has been publicly disclosed and may be exploited.

Recommendations For Telecommunication Software SAMwin Contact Center Suite version 5.1, upgrade to version 6.2 to address the issue. As a temporary workaround, consider restricting access to the getCurrentDBVersion function in the SAMwinLIBVB.dll library until the upgrade is applied.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2013-10003

Affected Products

Samwin Contact Center Suite

Samwinlibvb.Dll

PT-2022-7726 · Telecommunication · Samwin Contact Center Suite+1

CVE-2013-10003

Weakness Enumeration

Related Identifiers

Affected Products

References · 4