2 matches found
CVE-2013-3578
The CVE-2013-3578 issue affects Wave EMBASSY ERAS Help Desk (part of ERAS) where input in the ct100$4MainController$TextBoxSearchValue parameter enables SQL injection and, in some cases, command execution on the server. Affected products are ERAS 2.8.4 Help Desk and ERAS 2.9.5 Help Desk; exploita...
Wave EMBASSY Remote Administration Server SQL injection vulnerabilities
Overview The Wave EMBASSY Remote Administration Server ERAS contains the ERAS Help Desk application that fails to filter user input allowing for the exploitation of SQL injection vulnerabilities. These vulnerabilities may allow a remote authenticated attacker to execute procedures or SQL queries...