Summary
Dell Kace 1000 Systems Management Appliance is prone to multiple SQL injection vulnerabilities.
Impact
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Solution
Updates are available.
Insight
Dell Kace 1000 Systems Management Appliance is prone to multiple SQL injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.
Affected
Dell Kace 1000 Systems Management Appliance 5.4.76847 is vulnerable; other versions may also be affected.
Detection
Check the version
References
Severity
Classification
CVE: CVE-2014-1671
CVSS Base Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P