SQL injection in Advantech WebAccess - CVE-2017-12710
Published: August 30, 2017
Vulnerability identifier: #VU8036
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-12710
CWE-ID: CWE-89
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Advantech Co., Ltd
Affected software:
Advantech WebAccess
Detailed vulnerability description
The vulnerability allows a remote attacker to execute SQL commands on the target system.
The weakness exists due to improper input validation. A remote attacker can supply a specially crafted parameter value to execute SQL commands on the underlying database and gain access to arbitrary data.
Successful exploitation of the vulnerability results in information disclosure.