CVE-2018-15441

CWE-89: SQL Injection | 4 documents | 4 sources
Severity: 9.8 CRITICAL
EPSS: 0.4% (top 37.81%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 28 | Latest update May 13

Description

A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted HTTP POST requests that contain malicious SQL statements to an affected application. A successful exploit could allow the attacker to modify and delete arbitrary data in the PLM da

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Exploitability: 3.9 | Impact: 5.5

Affected Packages (2 packages)

🔴 Vulnerability Details (2)

GHSA: GHSA-pj62-g8w9-6x78: A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQ | 2022-05-13
CVEList: Cisco Prime License Manager SQL Injection Vulnerability | 2018-11-28

📋 Vendor Advisories (1)

Cisco: Cisco Prime License Manager SQL Injection Vulnerability | 2018-11-28