cbcvebase.
CVE-2019-16065
published 2020-03-19

CVE-2019-16065: A remote SQL injection web vulnerability was discovered in the Enigma NMS 65.0.0 and prior web application that allows an attacker to execute SQL commands to…

PriorityP263high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EXPLOIT
EPSS
2.81%
84.7th percentile
A remote SQL injection web vulnerability was discovered in the Enigma NMS 65.0.0 and prior web application that allows an attacker to execute SQL commands to expose and compromise the web server, expose database tables and values, and potentially execute system-based commands as the mysql user. This affects the search_pattern value of the manage_hosts_short.cgi script.

Affected

1 ranges
VendorProductVersion rangeFixed in
netsasenigma_network_management_solution<= 65.0.0

Detection & IOCsextracted from sources · hover to see the quote

path/cgi-bin/protected/manage_hosts_short.cgi
commandaction=search_proceed&search_pattern=a%' AND SLEEP(5) AND '%'='
  • Monitor GET requests to /cgi-bin/protected/manage_hosts_short.cgi for SQL injection patterns in the search_pattern parameter, particularly time-based blind SQLi payloads containing SLEEP() calls or unbalanced quote characters.
  • Alert on HTTP requests to manage_hosts_short.cgi where the search_pattern value contains SQL keywords such as AND SLEEP, single-quote sequences (%27 or '), or boolean-based injection patterns.
  • Anomalous or delayed HTTP responses from manage_hosts_short.cgi (e.g., ~5 second response delays) may indicate successful time-based blind SQL injection exploitation via SLEEP(5).
  • ·The vulnerability affects Enigma NMS version 65.0.0 and prior; ensure patching is applied to all instances at or below this version threshold.
  • ·Successful exploitation may allow command execution as the mysql OS user, meaning impact extends beyond database exposure to potential system-level compromise.

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.