Summary
This host is running Dell KACE K1000 Systems Management Appliance and is prone to multiple SQL injection vulnerabilities.
Impact
Successful exploitation will allow remote attackers to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Solution
Upgrade to the latest version of Dell KACE K1000 SMA or apply the patch. For updates, refer to http://www.kace.com/products/systems-management-appliance
Insight
Multiple flaws exist because the asset.php, asset_type.php, metering.php, mi.php, replshare.php, kbot.php, history_log.php and service.php scripts do not properly sanitize user-supplied input.
Affected
Dell KACE K1000 Systems Management Appliance version 5.4.70402
Detection
Get the installed version of Dell KACE K1000 SMA with the help of the detect NVT and check whether the version is vulnerable.
References
- http://seclists.org/fulldisclosure/2013/Jul/194
- http://www.exploit-db.com/exploits/27039
- http://www.osvdb.org/95534
- http://www.osvdb.org/95535
- http://www.osvdb.org/95536
- http://www.osvdb.org/95537
- http://www.osvdb.org/95538
- http://www.osvdb.org/95539
- http://www.osvdb.org/95540
- http://www.osvdb.org/95541
- http://www.osvdb.org/95542
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2014-1671
- CVSS Base Score: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P