Описание
SQL injection vulnerability in Cisco Wireless Control System (WCS) 6.0.x before 6.0.196.0 allows remote authenticated users to execute arbitrary SQL commands via vectors related to the ORDER BY clause of the Client List screens, aka Bug ID CSCtf37019.
Уязвимые конфигурации
Конфигурация 1Версия до 6.0.188.0 (включая)
Одно из
cpe:2.3:a:cisco:wireless_control_system_software:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wireless_control_system_software:6.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wireless_control_system_software:6.0.132.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wireless_control_system_software:6.0.170.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wireless_control_system_software:6.0.181.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wireless_control_system_software:6.0.182.0:*:*:*:*:*:*:*
EPSS
Процентиль: 56%
0.00334
Низкий
9 Critical
CVSS2
Дефекты
CWE-89
Связанные уязвимости
github
больше 3 лет назад
SQL injection vulnerability in Cisco Wireless Control System (WCS) 6.0.x before 6.0.196.0 allows remote authenticated users to execute arbitrary SQL commands via vectors related to the ORDER BY clause of the Client List screens, aka Bug ID CSCtf37019.
EPSS
Процентиль: 56%
0.00334
Низкий
9 Critical
CVSS2
Дефекты
CWE-89