Описание
An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Ссылки
- ExploitThird Party Advisory
- Release NotesVendor Advisory
- ExploitThird Party Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:lansweeper:lansweeper:9.1.20.2:*:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.10519
Средний
6.6 Medium
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-89
CWE-89
Связанные уязвимости
CVSS3: 8.8
github
почти 4 года назад
An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
EPSS
Процентиль: 93%
0.10519
Средний
6.6 Medium
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-89
CWE-89