Lucene search
Steven Seeley (mr_me) of Offensive SecurityZDI-18-027HistoryJan 05, 2018 - 12:00 a.m.
Advantech WebAccess LogList ChkAdminViewUsrPwd1 SQL Injection Remote Code Execution Vulnerability
2018-01-0500:00:00
Steven Seeley (mr_me) of Offensive Security
www.zerodayinitiative.com
13
EPSS
0.007
Percentile
79.9%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within ChkAdminViewUsrPwd1, called from LogList.asp. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code under the context of the web service.
Related
exploitpack
exploitpack
Advantech WebAccess 8.3 - SQL Injection
2018-01-30 00:00:00
nvd
nvd
CVE-2017-16716
2018-01-05 08:29:00
prion
prion
Sql injection
2018-01-05 08:29:00
zdt
zdt
Advantech WebAccess < 8.3 - SQL Injection Exploit
2018-01-30 00:00:00
zdi
zdi
cvelist
cvelist
CVE-2017-16716
2018-01-05 08:00:00
packetstorm
packetstorm
Advantech WebAccess 8.0-2015.08.16 SQL Injection
2018-01-29 00:00:00
cve
cve
CVE-2017-16716
2018-01-05 08:29:00
exploitdb
exploitdb
Advantech WebAccess < 8.3 - SQL Injection
2018-01-30 00:00:00
ics
ics
Advantech WebAccess
2018-01-04 00:00:00
Advantech WebAccess (Update A)
2018-01-11 12:00:00