CVE-2017-11494
published 2017-08-02


Priority: P2 67 · critical · 9.8 (CVSS 3.0)
CVSS 3.0 vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 3.75% (88.5th percentile)
SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action.

Affected

1 range

Vendor       Product                              Version range   Fixed in
sol-connect  sol.connect_iset-mpp_meter_firmware

Detection & IOCs (extracted from sources)

url: /_45b4a69e249c1d0ab9772763f3c97e69_/?s=login&o=/_45b4a69e249c1d0ab9772763f3c97e69_/%3fs%3dmain
path: /_45b4a69e249c1d0ab9772763f3c97e69_/
command: action=submit&origin=%2F_45b4a69e249c1d0ab9772763f3c97e69_%2F%3Fs%3Dmain&s=login&user=admin%27+or+%271%27%3D%271+--%2B&password=asd
  • Monitor POST requests to the login endpoint path containing the distinctive hash-like directory segment '/_45b4a69e249c1d0ab9772763f3c97e69_/' with the parameter 's=login'.
  • Detect SQL injection payloads in the 'user' POST parameter, specifically patterns such as URL-encoded single quotes and OR-based tautologies (e.g., admin' or '1'='1 --+).
  • The vulnerable parameter is 'user' submitted in a login action POST body; inspect for SQL metacharacters (%27, %3D, --%2B) in this field.
  • The login endpoint path ('/_45b4a69e249c1d0ab9772763f3c97e69_/') appears to be a fixed, application-specific path for SOL.Connect ISET-mpp meter and can be used as a reliable fingerprint for this product in network detection rules.
  • Affected versions are 1.2.4.2 and earlier; detections should target this product version range specifically.
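As an added example that is not part of this record: a small Python checker that applies the detection notes above (product path fingerprint, `s=login` action, SQL metacharacters and OR-tautologies in the `user` POST parameter) to constructed sample requests. The first sample body is the command string quoted in the IOCs; the other two samples, the function names and the regexes are assumptions made for this example.

```python
# Added example, not from the CVE record: detector for the login-action
# SQL injection pattern described in the Detection & IOCs notes.
import re
from urllib.parse import parse_qs, urlsplit

# Application-specific directory segment quoted in the IOCs above.
ISET_PATH_SEGMENT = "/_45b4a69e249c1d0ab9772763f3c97e69_/"

# Patterns applied to the *decoded* 'user' value: a single quote, an
# OR-based tautology such as '1'='1, or an SQL line comment (--).
SQLI_PATTERNS = [
    ("single quote", re.compile(r"'")),
    ("or-tautology", re.compile(r"\bor\b\s*'?\w+'?\s*=\s*'?\w+", re.I)),
    ("sql comment", re.compile(r"--")),
]


def inspect_login_request(method, url, body):
    """Return the reasons a request matches the CVE-2017-11494 login
    injection pattern; an empty list means no match."""
    if method.upper() != "POST":
        return []
    parts = urlsplit(url)
    if ISET_PATH_SEGMENT not in parts.path:
        return []                      # not the ISET-mpp login endpoint
    # parse_qs percent-decodes and maps '+' to space: %27 -> ', %2B -> +
    query, form = parse_qs(parts.query), parse_qs(body)
    action = (form.get("s") or query.get("s") or [""])[0]
    if action != "login":
        return []
    user = form.get("user", [""])[0]
    return [name for name, rx in SQLI_PATTERNS if rx.search(user)]


# Constructed sample requests (not captured traffic). Sample 0 carries the
# command string from the IOCs section; 1 is a benign login; 2 uses the
# same payload against an unrelated path, so it is not attributed to this CVE.
SAMPLE_REQUESTS = [
    ("POST", "/_45b4a69e249c1d0ab9772763f3c97e69_/?s=login",
     "action=submit&origin=%2F_45b4a69e249c1d0ab9772763f3c97e69_%2F%3Fs%3Dmain"
     "&s=login&user=admin%27+or+%271%27%3D%271+--%2B&password=asd"),
    ("POST", "/_45b4a69e249c1d0ab9772763f3c97e69_/?s=login",
     "action=submit&s=login&user=admin&password=s3cret"),
    ("POST", "/other/app/", "s=login&user=admin%27+or+%271%27%3D%271+--%2B"),
]


def scan(requests=SAMPLE_REQUESTS):
    """Map each request index to its detection reasons (non-empty = alert)."""
    return {i: inspect_login_request(*req) for i, req in enumerate(requests)}


if __name__ == "__main__":
    for idx, reasons in scan().items():
        print(idx, "ALERT" if reasons else "ok", reasons)
```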

CVSS provenance

NVD v3.0: 9.8 CRITICAL  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD v2.0: 7.5 HIGH      AV:N/AC:L/Au:N/C:P/I:P/A:P