CVE-2017-5151
published 2017-02-13CVE-2017-5151: An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. A SQL Injection vulnerability has been identified, which may allow…
PriorityP355high7.3CVSS 3.1
AVNACLPRNUINSUCLILAL
EXPLOIT
EPSS
2.39%
81.9th percentile
An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. A SQL Injection vulnerability has been identified, which may allow remote code execution.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| panasonic | video_insight_web_client | <= 6.3.5.11 | — |
CVSS provenance
nvdv3.17.3HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-vj6x-f6g8-6phm: An issue was discovered in VideoInsight Web Client Version 6
ghsa_unreviewed·2022-05-13
CVE-2017-5151 [HIGH] CWE-89 GHSA-vj6x-f6g8-6phm: An issue was discovered in VideoInsight Web Client Version 6
An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. A SQL Injection vulnerability has been identified, which may allow remote code execution.
CISA ICS
VideoInsight Web Client
cisa_ics·2017-01-19
VideoInsight Web Client
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
VideoInsight Web Client
Last RevisedJanuary 19, 2017
Alert CodeICSA-17-012-02
## CVSS V3 7.3
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: VideoInsight
Equipment: Web Client
Vulnerability: SQL Injection
## AFFECTED PRODUCTS
The following Web Client versions are affected:
- Web Client Version 6.3.5.11 and previous versions.
## IMPACT
A successful exploit of this vulnerability could allow an attacker to execute arbitrary commands on the target system.
## MITIGATION
VideoInsight has produced a new version that addresses the reported vulnerability.
Th
No detection rules found.
No writeups or analysis indexed.
2017-02-13
Published