2 matches found
CVE-2013-3577
Affected product/area: Wave EMBASSY Remote Administration Server (ERAS) – Help Desk application. Vulnerability: CVE-2013-3577 is a SQL injection flaw that allows a remote attacker to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue (the search field). Root cause: In...
CVE-2013-3578
The CVE-2013-3578 issue affects Wave EMBASSY ERAS Help Desk (part of ERAS) where input in the ct100$4MainController$TextBoxSearchValue parameter enables SQL injection and, in some cases, command execution on the server. Affected products are ERAS 2.8.4 Help Desk and ERAS 2.9.5 Help Desk; exploita...