Sql injection

2019-10-0916:15:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.8%

JSON

Netreo OmniCenter through 12.1.1 allows unauthenticated SQL Injection (Boolean Based Blind) in the redirect parameters and parameter name of the login page through a GET request. The injection allows an attacker to read sensitive information from the database used by the application.

CPENameOperatorVersion
omnicenterle12.1.1

CPE	Name	Operator	Version
	omnicenter	le	12.1.1

References

packetstormsecurity.com/files/154763/OmniCenter-12.1.1-SQL-Injection.html

www.netreo.com/blog/omnicenter-12-now-available-extensible-integration-unlimited-scalability-device-grouping/