Sql injection

2018-10-0320:29:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.9%

JSON

Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/call_details?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points.

CPENameOperatorVersion
faxfinderlt5.1.6

CPE	Name	Operator	Version
	faxfinder	lt	5.1.6

References

securityshards.wordpress.com/2018/10/02/cve-2018-17562-faxfinder-5-0-5-8-sqlite-inejection-vulnerability/