RXTEC RXAdmin SQL Injection Vulnerability

1337DAY-ID-24608 (zdt)
Author: Thomas Konrad
Published: Nov 25, 2015 - 12:00 a.m. (2015-11-25 00:00:00)
Source: 0day.today

EPSS: 0.004 (Percentile: 74.5%)

RXTEC RXAdmin login page from UPDATE 06 / 2012 suffers from a remote SQL injection vulnerability.

### RXTEC_20150513

#### Title: SQL injection vulnerability in the RXTEC RXAdmin Login Page allows remote attackers to execute arbitrary SQL commands via several HTTP parameters.

#### Type of vulnerability: SQL injection

#### Attack outcome: It is possible to extract all information from the database in use by the application. Depending on the configuration of the SQL server, arbitrary code execution might be possible.

#### Impact: Critical

#### Software/Product name: RXTEC RXAdmin Login

#### Affected versions: UPDATE : 06 / 2012

#### Fixed in version: *unknown*

#### Vendor: RXTEC (www.rxtec.net)

#### CVE number: CVE-2015-8298

#### Timeline

* `2015-04-30` identification of vulnerability
* `2015-05-11` vendor contact (won't fix because of outdated version)
* `2015-07-14` contact [email protected]

#### Credits: Thomas Konrad `[email protected]` (SBA Research)  
 
#### Description: The following parameters are affected by the vulnerability:

* /index.htm (loginpassword parameter)
* /index.htm (loginusername parameter)
* /index.htm (zusätzlicher parameter)
* /index.htm (zusätzlicher parameter)
* /index.htm (rxtec cookie)
* /index.htm (groupid parameter)
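
As an added illustration (not code from the advisory, from RXTEC or from the author), the following constructed login handler uses the advisory's parameter names to show the string-concatenation defect class beside its parameterized fix; the table schema, sample rows and function names are assumptions, and the same binding discipline applies to the rxtec cookie value.

```python
import sqlite3


def build_db():
    # Constructed in-memory stand-in for RXAdmin's user table; the real schema
    # is not published in the advisory. Plaintext passwords are for brevity only.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, loginusername TEXT,"
                 " loginpassword TEXT, groupid INTEGER)")
    conn.executemany("INSERT INTO users (loginusername, loginpassword, groupid)"
                     " VALUES (?, ?, ?)", [("admin", "secret", 1), ("O'Brien", "pw2", 2)])
    return conn


def login_concatenated(conn, loginusername, loginpassword, groupid):
    # Anti-pattern: request values spliced into the SQL text. Any single quote in
    # a value (here a legitimate surname) is parsed as SQL, which is the class of
    # defect the advisory reports for these parameters and the rxtec cookie.
    sql = ("SELECT id FROM users WHERE loginusername = '" + loginusername
           + "' AND loginpassword = '" + loginpassword
           + "' AND groupid = " + groupid)
    return conn.execute(sql).fetchone()


def login_parameterized(conn, loginusername, loginpassword, groupid):
    # Fix: values are bound parameters, never SQL text, so quotes stay data.
    # groupid is numeric by contract, so reject anything else before querying.
    if not groupid.isdigit():
        raise ValueError("groupid must be numeric")
    sql = ("SELECT id FROM users WHERE loginusername = ?"
           " AND loginpassword = ? AND groupid = ?")
    return conn.execute(sql, (loginusername, loginpassword, int(groupid))).fetchone()


def demo():
    # Same legitimate input through both handlers: the concatenating one fails
    # with a SQL syntax error (evidence that input reached the SQL parser), the
    # parameterized one returns the user row.
    conn = build_db()
    out = {}
    try:
        out["concatenated"] = login_concatenated(conn, "O'Brien", "pw2", "2")
    except sqlite3.OperationalError as err:
        out["concatenated"] = "error: " + str(err)
    out["parameterized"] = login_parameterized(conn, "O'Brien", "pw2", "2")
    return out


if __name__ == "__main__":
    print(demo())
```

A syntax error surfacing from user input is itself a finding worth alerting on: it means request data is being interpreted as SQL, whatever the input looked like.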

#### Proof-of-concept: *none*

#  0day.today [2018-03-01]  #
