Описание
Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local attacker to obtain sensitive data stored in the database by sending a specially crafted SQL query to the xml parameter.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:setelsa-security:conacwin:3.7.1.2:*:*:*:*:*:*:*
EPSS
Процентиль: 14%
0.00045
Низкий
9.9 Critical
CVSS3
5.5 Medium
CVSS3
Дефекты
CWE-89
CWE-89
Связанные уязвимости
CVSS3: 9.9
github
больше 2 лет назад
Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local attacker to obtain sensitive data stored in the database by sending a specially crafted SQL query to the xml parameter.
EPSS
Процентиль: 14%
0.00045
Низкий
9.9 Critical
CVSS3
5.5 Medium
CVSS3
Дефекты
CWE-89
CWE-89