Advantech iView, a Simple Network Protocol (SNMP) based software for managing B B SmartWorx devices from Advantech, is vulnerable to a SQL injection vulnerability in version 5.7.04.6469 of Advantech iView, which stems from a flaw in its ConfigurationServlet endpoint, which can be exploited to create a special column_value parameter in the setConfiguration operation to bypass the com.imc.iview.utils.CUtils.checkSQLInjection() check to execute the SQL statement and get the database data.
CPE | Name | Operator | Version |
---|---|---|---|
advantech advantech iview 5. | eq | 7.04.6469 |