N/A

A vulnerability in the web-based management interface of the Cisco Smart Net Total Care (SNTC) Software Collector Appliance 3.11 could allow an authenticated, remote attacker to perform a read-only, blind SQL injection attack, which could allow the attacker to compromise the confidentiality of the system through SQL timing attacks. The vulnerability is due to insufficient input validation of certain user-supplied fields that are subsequently used by the affected software to build SQL queries. An attacker could exploit this vulnerability by submitting crafted URLs, which are designed to exploit the vulnerability, to the affected software. To execute an attack successfully, the attacker would need to submit a number of requests to the affected software. A successful exploit could allow the attacker to determine the presence of values in the SQL database of the affected software. Cisco Bug IDs: CSCvf07617.

N/A

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

Cisco Smart Net Total Care Software Collector Appliance SQL注入漏洞

Cisco Smart Net Total Care (SNTC) Software Collector Appliance是美国思科（Cisco）公司的一款智能网络保护服务中的软件映像采集设备。 Cisco SNTC Software Collector Appliance 3.11版本中的基于Web的管理界面存在SQL注入漏洞，该漏洞源于程序没有充分的对用户提交的字段执行充分的输入验证。远程攻击者可通过提交特制的URL利用该漏洞确定受影响软件的SQL数据库中的值是否存在。

N/A

N/A