An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.tenable.com/security/research/tra-2022-32 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: tenable
Published: 2022-09-27T13:51:02
Updated: 2024-08-03T01:07:06.488Z
Reserved: 2022-09-26T00:00:00
Link: CVE-2022-3323
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-09-27T23:15:15.867
Modified: 2024-11-21T07:19:17.760
Link: CVE-2022-3323
Redhat
No data.