all InfoSec news
Authenticated SQL Injection in Advantech iView
Tenable Research Advisories www.tenable.com
A researcher at Tenable has discovered an authenticated SQL injection vulnerability in Advantech iView < v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password.
Proof of Concept:
A proof of concept will be added to Tenable's poc repo on github (https://github.com/tenable/poc)
Evan Grant
Thu, 07/27/2023 - 14:36
admin advantech build bypass exploit injection password proof researcher sql sql injection tenable vulnerability