CVE-2013-5028
Published 2013-10-11
Priority P341, medium, 6.5 (CVSS 2.0)
AV:N/AC:L/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 1.95% (77.7th percentile)
SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the (1) hardwareType, (2) hardwareStatus, or (3) hardwareLocation parameter in a search command.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kwoksys | information_server | <= 2.8.4 | — |
| kwoksys | information_server | — | — |
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/123193
http://www.kwoksys.com/wiki/index.php?title=Release_Notes
https://exchange.xforce.ibmcloud.com/vulnerabilities/86363
https://exchange.xforce.ibmcloud.com/vulnerabilities/87067