Contec CONPROSYS HMI System (CHS) Unauthenticated SQLi
March 31, 2023, 2:51 p.m. | Nick Miles
Tenable Research Advisories www.tenable.com
There is an SQL injection vulnerability in Contec CONPROSYS HMI System (CHS) 3.5.1. An unauthenticated remote attacker can exploit it to enumerate a CHS database.
CHS logs login attempts to the dbo.m_user_login table in a PostgreSQL database:
from: auth_login.php
<...snip...>
$v = d5::v(); // get client IP address
if ($l != null) {
    $p = ad(time());
    $q = new d5($i, null, null, 'dbo.m_user_login');
    try {
        $q->_a(_S34_, "'" . $o . "','" . $l->l …