Sql injection

2007-04-0601:19:00

PRIOn knowledge base

www.prio-n.com

8.2 High

AI Score

Confidence

Low

0.034 Low

EPSS

Percentile

91.5%

JSON

qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury Quality Center 9.0 build 9.1.0.4352 allows remote authenticated users to execute arbitrary SQL commands via the RunQuery method.

CPENameOperatorVersion
mercury_quality_centereq9.0 build-9.1.0.4352

CPE	Name	Operator	Version
	mercury_quality_center	eq	9.0 build-9.1.0.4352

References

lists.grok.org.uk/pipermail/full-disclosure/2007-April/053406.html

osvdb.org/34630

secunia.com/advisories/24730

securityreason.com/securityalert/2527

www.securitytracker.com/id?1017842

www.vupen.com/english/advisories/2007/1246

exchange.xforce.ibmcloud.com/vulnerabilities/33385