|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-01-21 | |
| Rule Name: | WiKID 2FA Enterprise Server searchDevices.jsp SQL Injection Vulnerability (CVE-2019-16917) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | An SQL injection vulnerability exists in WiKID 2FA Enterprise Server. This vulnerability is due to insufficient validation of user input in searchDevices.jsp. A remote, authenticated attacker can exploit this vulnerability by sending an HTTP request with crafted HTTP parameters to the target server. Successful exploitation could result in the execution of arbitrary SQL commands against the database on the target server. | |
| Impact: | An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully. | |
| Affected OS: | Network Device | |
| Reference: | http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html http://seclists.org/fulldisclosure/2019/Oct/35 https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection https://seclists.org/fulldisclosure/2019/Oct/35 |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://www.wikidsystems.com |