Lucene search
Brian Gorenc - Trend Micro Zero Day InitiativeZDI-17-059HistoryFeb 07, 2017 - 12:00 a.m.
Ecava IntegraXor getdata param SQL Injection Remote Code Execution Vulnerability
2017-02-0700:00:00
Brian Gorenc - Trend Micro Zero Day Initiative
www.zerodayinitiative.com
32
0.014 Low
EPSS
Percentile
86.4%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the param parameter in getdata requests. The issue lies in the failure to properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process.
Related
cve
cve
CVE-2016-8341
2017-02-13 21:59:00
nessus
nessus
Ecava IntegraXor 5.0.413.0 getdata Requests Handling Multiple SQLi
2017-02-22 00:00:00
openvas
openvas
ECAVA IntegraXor <= 5.0.413.0 SQLi Vulnerability
2017-02-17 00:00:00
cvelist
cvelist
CVE-2016-8341
2017-02-13 21:00:00
nvd
nvd
CVE-2016-8341
2017-02-13 21:59:00
zdi
zdi
ics
ics
Ecava IntegraXor
2017-02-14 12:00:00
prion
prion
Sql injection
2017-02-13 21:59:00