
exploitDog

CVE-2021-36385

Published: 24 Aug 2021
Source: nvd
CVSS3: 9.8
CVSS2: 10
EPSS: Low

Description

A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via a Fullwidth Apostrophe (aka U+FF07) in the default.aspx User ID field. Arbitrary system commands can be executed through the use of xp_cmdshell.

Vulnerable configurations

Configuration 1
cpe:2.3:a:cerner:mobile_care:5.0.0:*:*:*:*:*:*:*

EPSS

Percentile: 87%
0.03461
Low

CVSS3: 9.8 Critical

CVSS2: 10 Critical

Weaknesses

CWE-89

Related vulnerabilities

github
more than 3 years ago

A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via a Fullwidth Apostrophe (aka U+FF07) in the default.aspx User ID field. Arbitrary system commands can be executed through the use of xp_cmdshell.
