zdi | Andrea Micalizzi (rgod) | ZDI-14-293
Aug 12, 2014 - 12:00 a.m.

(0Day) F5 Data Manager discoverFilerBasicInfo.jsft filerName SQL Injection Remote Code Execution Vulnerability

2014-08-12 00:00:00
Andrea Micalizzi (rgod)
www.zerodayinitiative.com
EPSS: 0.003 (Low), percentile 69.1%

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of F5 Data Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the discoverFilerBasicInfo.jsft page. An attacker is able to inject SQL through the filerName field in this page, and use that to gain full administrator credentials for Data Manager.
