Описание
Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation (PostgreSQL) by exploiting this issue.
Ссылки
- ExploitThird Party Advisory
- ProductVendor Advisory
- ExploitThird Party Advisory
- ProductVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:softinventive:network_olympus:1.8.0:*:*:*:*:*:*:*
EPSS
Процентиль: 89%
0.04433
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 7.2
github
почти 4 года назад
Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation (PostgreSQL) by exploiting this issue.
EPSS
Процентиль: 89%
0.04433
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-89