Description
SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which is the backend for the AIS logistics mobile app) allows an anonymous attacker to execute arbitrary code in the context of the user of the MSSQL database. The default user for the database is the 'sa' user.
References
- Exploit, Third Party Advisory
- Vendor Advisory
- Exploit, Third Party Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions up to and including 67
In combination
cpe:2.3:o:ais:logistic_software:*:*:*:*:*:*:*:*
cpe:2.3:h:ais:esel-server:-:*:*:*:*:*:*:*
EPSS
Percentile: 99%
0.72742
High
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-89
Related vulnerabilities
CVSS3: 9.8
github
more than 3 years ago
SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which is the backend for the AIS logistics mobile app) allows an anonymous attacker to execute arbitrary code in the context of the user of the MSSQL database. The default user for the database is the 'sa' user.