CVE-2022-38627 PoC — Nortek Control Linear eMerge E3-Series SQL注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-38627.yaml

Associated Vulnerability

Title:Nortek Control Linear eMerge E3-Series SQL注入漏洞 (CVE-2022-38627)
Description:Nortek Control Linear eMerge E3-Series是美国Nortek Control公司的一种门禁控制器。可指定人员在指定时间可以使用哪些门进出指定地点。 Nortek Control Linear eMerge E3-Series若干版本存在安全漏洞，该漏洞源于其对idt参数的操作允许攻击者实现SQL注入。以下版本受到影响：0.32-08f、0.32-07p、0.32-07e、0.32-09c、0.32-09b、0.32-09a和0.32-08e版本。

Description

Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a SQL injection vulnerability via the idt parameter.

File Snapshot


 id: CVE-2022-38627

info:
  name: Nortek Linear eMerge E3-Series - SQL Injection
  author: daffainfo

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!