|
|||
Rule General Information |
---|
Release Date: | 2024-07-30 | |
Rule Name: | Esafenet DLP NetSecConfigAjax SQL Injection Vulnerability | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | Esafenet DLP is a comprehensive data security product. SQL injection vulnerability exists in the Esafenet DLP. The vulnerability is due to the failure to effectively check and filter the state parameter of NetSecConfigAjax interface. Malicious attackers can inject SQL statements through this vulnerability to realize illegal operations such as reading, modifying and forging database information. | |
Impact: | An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully. | |
Affected OS: | Windows, Linux, Others | |
Reference: | ||
Solutions |
---|
Please contact the software vendor to update the software patch. |