A remote attacker could exploit this vulnerability to execute arbitrary SQL commands.
It was reported that this management system was publicly accessible on the internet. An attacker could exploit the vulnerability via a direct request to the management system or by submitting a request to an accessible URL.
An attacker could exploit the vulnerability by persuading a user with the “create” permission to create a new visitor record with an attacker-controlled value for id.
This management system was installed with version 1.1.2.1. It was reported that this management system was publicly accessible on the internet. An attacker could exploit the vulnerability via a direct request to the management system or by submitting a request to an accessible URL.
An attacker could exploit the vulnerability by persuading a user with the “create” permission to create a new visitor record with an attacker-controlled value for id.
2.2.2.2 Compound Management System
At the same time that this management system was publicly accessible on the internet, it was also installed with version 1.1.2.1 as a compound management system in order to provide remote access to multiple systems. An attacker could exploit the vulnerability by persuading a user with the “create” permission to create a new visitor record with an attacker-controlled value for id.
An attacker could exploit the vulnerability by persuading a user with the “create” permission to create a new visitor record with an attacker-controlled value for id.
Vulnerable versions
, patches & solutions
The vulnerability was reported on December 12th, 2018 by the researcher and fixed in version 1.2.0.1 of the software.
Tokens for browser management system
The affected browser management system was installed with version 1.1.2.1 and uses tokens for authentication. The vulnerability exists in how the application handles the handling of these tokens in its Web-based interface.
An attacker could exploit this vulnerability to execute arbitrary SQL commands on the database server via a direct request to the management system or by submitting a request to an accessible URL.
The following tokens may be manipulated:
"email"
"username"
"password"
"register_time_stamp"
Installation and upgrade issues
This management system was installed with version 1.1.2.1, which was the latest version at the time of installation.
It was reported that this management system was publicly accessible on the internet. An attacker could exploit the vulnerability via a direct request to the management system or by submitting a request to an accessible URL.
Timeline
Published on: 09/15/2022 02:15:00 UTC
Last modified on: 09/16/2022 19:31:00 UTC