3 matches found
Dell KACE K1000 advisory_detail.php/ticket_list.php/ticket.php脚本SQL注入漏洞
CVECAN ID: CVE-2014-1671 Dell KACE K1000是系统管理解决方案。 Dell KACE K1000 5.4.76847及更早版本存在多个SQL注入漏洞,远程攻击者或经过身份验证的远程用户通过service/kbotservice.php的getUploadPath或getKBot SOAP请求内的macAddress元素、userui/advisorydetail.php或userui/ticket.php的ID参数、userui/ticketlist.php的ORDER参数,利用这些漏洞即可执行任意SQL命令。 0 Dell Kace 1000...
CVE-2014-1671
CVE-2014-1671 affects Dell KACE K1000 systems (5.4.76847 and earlier) with multiple SQL injection vulnerabilities. The issues allow remote or authenticated users to inject arbitrary SQL via: (1) macAddress in service/kbot_service.php (getUploadPath/getKBot); (2) IDs in userui/advisory_detail.php ...
CVE-2014-1671
creationtimestamp| type| source ---|---|--- 2014-01-13 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/39057...