CVE-2019-13078
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection in /common/user_profile.php (parameter sort_column). An authenticated user can execute arbitrary SQL commands against the underlying database. Root cause cited in CNVD reports as lack of validation of ext...