An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection.
[
{
"vendor": "n/a",
"product": "Advantech iView",
"versions": [
{
"version": "versions prior to v5.7.4 build 6752",
"status": "affected"
}
]
}
]