Lucene search
ZdiCVELIST:CVE-2017-17417HistoryFeb 08, 2018 - 6:00 p.m.
CVE-2017-17417
2018-02-0818:00:00
CWE-89
zdi
www.cve.org
1
0.145 Low
EPSS
Percentile
95.8%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Acknowledge method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4228.
CNA Affected
[
{
"product": "Quest NetVault Backup",
"vendor": "Quest",
"versions": [
{
"status": "affected",
"version": "11.3.0.12"
}
]
}
]Related
cve
cve
CVE-2017-17417
2018-02-08 18:29:00
nessus
nessus
zdt
zdt
nvd
nvd
CVE-2017-17417
2018-02-08 18:29:00
packetstorm
packetstorm
Quest NetVault Backup Server Code Execution / SQL Injection
2019-02-22 00:00:00
zdi
zdi
exploitpack
exploitpack
prion
prion
Design/Logic Flaw
2018-02-08 18:29:00
exploitdb
exploitdb