SB2017121905 - Multiple vulnerabilities in Ecava IntegraXor

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017121905

SB2017121905 - Multiple vulnerabilities in Ecava IntegraXor

Published: December 19, 2017

Security Bulletin ID SB2017121905
Severity
Low
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) SQL injection (CVE-ID: CVE-2017-16733)

The vulnerability allows a remote attacker to execute arbitrary SQL commands in web application database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted HTTP request to vulnerable script and disclose sensitive information from the database.

Successful exploitation of the vulnerability results in information disclosure.


2) SQL injection (CVE-ID: CVE-2017-16735)

The vulnerability allows a remote attacker to execute arbitrary SQL commands in web application database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted HTTP request to vulnerable script and trigger an error in the database log.

Successful exploitation of the vulnerability may result in denial of service.


Remediation

Install update from vendor's website.

References