4 matches found
ConnectWise ManagedITSync SQL Injection (CVE-2017-18362)
An SQL injection vulnerability exists in ConnectWise ManagedITSync. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2017-18362
creationtimestamp| type| source ---|---|--- 2019-02-05 12:26:15+00:00| exploited| https://t.me/cibsecurity/2385 2023-06-14 21:10:03+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2024-12-24 20:31:21+00:00| seen| https://feedsin.space/feed/CISAKevBot/items/2971576 2025-02-23 02:10:15+00:00...
CVE-2017-18362
ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware payloads on all...
CVE-2017-18362
Summary: CVE-2017-18362 affects Kaseya VSA via ConnectWise ManagedITSync. It allows unauthenticated remote commands to access and modify the Kaseya VSA database when ManagedIT.asmx is reachable through the web interface. The vulnerability has been actively exploited in the wild (February 2019) to...