Authenticated SQL Injection in Advantech iView
July 27, 2023, 6:36 p.m. | Evan Grant
Tenable Research Advisories www.tenable.com
A researcher at Tenable has discovered an authenticated SQL injection vulnerability in Advantech iView < v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password.
Proof of Concept:
A proof of concept will be added to Tenable's PoC repo on GitHub (https://github.com/tenable/poc).
Evan Grant
Thu, 07/27/2023 - 14:36