Lucene search

[email protected]CVE-2013-5028

HistoryOct 11, 2013 - 9:55 p.m.

CVE-2013-5028

2013-10-1121:55:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2013-5028

sql injection

hardware-list.dll

kwoksys kwok information server

nvd

8.1 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

44.0%

JSON

SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the (1) hardwareType, (2) hardwareStatus, or (3) hardwareLocation parameter in a search command.

CPENameOperatorVersion
kwoksys:information_serverkwoksys information servereq2.8.3
kwoksys:information_serverkwoksys information serverle2.8.4

CPE	Name	Operator	Version
kwoksys:information_server	kwoksys information server	eq	2.8.3
kwoksys:information_server	kwoksys information server	le	2.8.4

References

packetstormsecurity.com/files/123193

www.kwoksys.com/wiki/index.php?title=Release_Notes

exchange.xforce.ibmcloud.com/vulnerabilities/86363

exchange.xforce.ibmcloud.com/vulnerabilities/87067

8.1 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

44.0%

JSON

Related for CVE-2013-5028

zdt1 prion1 cvelist1 packetstorm1