Lucene search
Juan Pablo Lopez YacubianZDI-17-058HistoryFeb 07, 2017 - 12:00 a.m.
Ecava IntegraXor getdata name SQL Injection Remote Code Execution Vulnerability
2017-02-0700:00:00
Juan Pablo Lopez Yacubian
www.zerodayinitiative.com
25
0.014 Low
EPSS
Percentile
86.4%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the name parameter in getdata requests. The issue lies in the failure to properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process.
Related
cve
cve
CVE-2016-8341
2017-02-13 21:59:00
nessus
nessus
Ecava IntegraXor 5.0.413.0 getdata Requests Handling Multiple SQLi
2017-02-22 00:00:00
zdi
zdi
prion
prion
Sql injection
2017-02-13 21:59:00
ics
ics
Ecava IntegraXor
2017-02-14 12:00:00
openvas
openvas
ECAVA IntegraXor <= 5.0.413.0 SQLi Vulnerability
2017-02-17 00:00:00
cvelist
cvelist
CVE-2016-8341
2017-02-13 21:00:00
nvd
nvd
CVE-2016-8341
2017-02-13 21:59:00