Lucene search
RootSSV:61398HistoryFeb 10, 2014 - 12:00 a.m.
Dell KACE K1000 advisory_detail.php/ticket_list.php/ticket.php脚本SQL注入漏洞
2014-02-1000:00:00
Root
www.seebug.org
9
0.003 Low
EPSS
Percentile
68.8%
CVE(CAN) ID: CVE-2014-1671
Dell KACE K1000是系统管理解决方案。
Dell KACE K1000 5.4.76847及更早版本存在多个SQL注入漏洞,远程攻击者或经过身份验证的远程用户通过service/kbot_service.php的getUploadPath或getKBot SOAP请求内的macAddress元素、userui/advisory_detail.php或userui/ticket.php的ID参数、userui/ticket_list.php的ORDER[]参数,利用这些漏洞即可执行任意SQL命令。
0
Dell Kace 1000 Systems Management Appliance 5.4.76847
厂商补丁:
Dell
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Related
openvas
openvas
cve
cve
CVE-2014-1671
2014-01-26 01:55:20
nessus
nessus
Dell KACE K1000 < 5.5 Multiple SQL Injection Vulnerabilities
2014-02-07 00:00:00
cvelist
cvelist
CVE-2014-1671
2014-01-26 01:00:00
nvd
nvd
CVE-2014-1671
2014-01-26 01:55:20
prion
prion
Sql injection
2014-01-26 01:55:00