CVE-2013-3578

EUVD-2013-3512
SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote authenticated users to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter (aka the search field), leading to execution of operating-system commands.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
Affected Products (NVD)
VendorProductVersion
waveembassy_remote_administration_server
-
waveembassy_remote_administration_server_help_desk
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.kb.cert.org/vuls/id/217836
http://www.kb.cert.org/vuls/id/217836