Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Advantech iView SQL注入漏洞
Vulnerability Description
Advantech iView是中国研华(Advantech)公司的一个基于简单网络协议(SNMP)来对 B + B SmartWorx 设备进行管理的软件。 Advantech iView 5.7.04.6469版本存在安全漏洞,该漏洞源于在其ConfigurationServlet端点中,未经身份验证的远程攻击者可以在setConfiguration操作中创建一个特殊的column_value参数,以绕过com.imc.iview.utils.CUtils.checkSQLInjection()中的检
CVSS Information
N/A
Vulnerability Type
N/A