CVE-2019-1000023

Опубликовано: 04 фев. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) version v3.6-2 and earlier versions contains a SQL Injection vulnerability in Identified vulnerable parameters: id, id_access_type and id_attr_access that can result in a malicious attacker can include own SQL commands which database will execute. This attack appears to be exploitable via network connectivity.

Ссылки

https://inf0seq.github.io/cve/2019/01/20/SQL-Injection-in-OPTOSS-Next-Gen-Network-Management-System-%28NG-NetMS%29.html
https://sourceforge.net/projects/ngnms/
Product
Third Party Advisory
https://www.owasp.org/index.php/SQL_Injection
Third Party Advisory
https://inf0seq.github.io/cve/2019/01/20/SQL-Injection-in-OPTOSS-Next-Gen-Network-Management-System-%28NG-NetMS%29.html
https://sourceforge.net/projects/ngnms/
Product
Third Party Advisory
https://www.owasp.org/index.php/SQL_Injection
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opt-net:ng-netms:*:*:*:*:*:*:*:*

Версия до 3.6-2 (включая)

EPSS

Процентиль: 53%

0.00298

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-5jx5-765p-vmjr