Lucene search
China National Vulnerability DatabaseCNVD-2022-88792HistorySep 29, 2022 - 12:00 a.m.
Advantech iView SQL Injection Vulnerability
2022-09-2900:00:00
China National Vulnerability Database
www.cnvd.org.cn
8
advantech iview
sql injection
snmp
software
vulnerability
version 5.7.04.6469
configurationservlet
operation
database data
0.002 Low
EPSS
Percentile
60.7%
Advantech iView, a Simple Network Protocol (SNMP) based software for managing B B SmartWorx devices from Advantech, is vulnerable to a SQL injection vulnerability in version 5.7.04.6469 of Advantech iView, which stems from a flaw in its ConfigurationServlet endpoint, which can be exploited to create a special column_value parameter in the setConfiguration operation to bypass the com.imc.iview.utils.CUtils.checkSQLInjection() check to execute the SQL statement and get the database data.
| CPE | Name | Operator | Version |
|---|---|---|---|
| advantech advantech iview 5. | eq | 7.04.6469 |
Related
prion
prion
Sql injection
2022-09-27 23:15:00
cvelist
cvelist
CVE-2022-3323
2022-09-27 13:51:02
nessus
nessus
Advantech iView ConfigurationServlet SQLi (CVE-2022-3323)
2023-01-03 00:00:00
ics
ics
Advantech iView
2022-12-08 12:00:00
cve
cve
CVE-2022-3323
2022-09-27 23:15:15
nvd
nvd
CVE-2022-3323
2022-09-27 23:15:15