CVE-2014-3932

2022-10-0316:20:24

mitre

www.cve.org

sql injection

device registration

cososys endpoint protector 4

8.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

48.9%

JSON

SQL injection vulnerability in the device registration component in wsf/webservice.php in CoSoSys Endpoint Protector 4 4.3.0.4 and 4.4.0.2 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.

References

secunia.com/advisories/58878

www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140521-CoSoSys_Endpoint_Protector_Multiple_Vulnerabilities_v10_wo_poc.txt