3 matches found
CVE-2013-3577
SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server ERAS allows remote attackers to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter aka the search field...
CVE-2013-3577
Affected product/area: Wave EMBASSY Remote Administration Server (ERAS) – Help Desk application. Vulnerability: CVE-2013-3577 is a SQL injection flaw that allows a remote attacker to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue (the search field). Root cause: In...
Wave EMBASSY Remote Administration Server SQL injection vulnerabilities
Overview The Wave EMBASSY Remote Administration Server ERAS contains the ERAS Help Desk application that fails to filter user input allowing for the exploitation of SQL injection vulnerabilities. These vulnerabilities may allow a remote authenticated attacker to execute procedures or SQL queries...