Описание
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /userui/ticket_list.php, and affected parameters are order[0][column] and order[0][dir].
Ссылки
- Vendor Advisory
- Product
- Vendor Advisory
- Product
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:quest:kace_systems_management_appliance:9.1.317:*:*:*:*:*:*:*
EPSS
Процентиль: 57%
0.00358
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-89
Связанные уязвимости
github
больше 3 лет назад
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /userui/ticket_list.php, and affected parameters are order[0][column] and order[0][dir].
EPSS
Процентиль: 57%
0.00358
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-89