Описание
SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote authenticated users to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter (aka the search field), leading to execution of operating-system commands.
Ссылки
- US Government Resource
- US Government Resource
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:wave:embassy_remote_administration_server:-:*:*:*:*:*:*:*
cpe:2.3:a:wave:embassy_remote_administration_server_help_desk:-:*:*:*:*:*:*:*
EPSS
Процентиль: 75%
0.00863
Низкий
9 Critical
CVSS2
Дефекты
CWE-78
Связанные уязвимости
github
больше 3 лет назад
SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote authenticated users to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter (aka the search field), leading to execution of operating-system commands.
EPSS
Процентиль: 75%
0.00863
Низкий
9 Critical
CVSS2
Дефекты
CWE-78