Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-16065 — SQL Injection in Enigma Network Management Solution

CWE-89 — SQL Injection4 documents4 sources

Severity

8.8HIGHNVD

EPSS

1.3%

top 19.96%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Netsas Enigma Network Management Solution

Timeline

PublishedMar 19

Latest updateMay 24

Description

A remote SQL injection web vulnerability was discovered in the Enigma NMS 65.0.0 and prior web application that allows an attacker to execute SQL commands to expose and compromise the web server, expose database tables and values, and potentially execute system-based commands as the mysql user. This affects the search_pattern value of the manage_hosts_short.cgi script.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDnetsas/enigma_network_management_solution65.0.0

🔴Vulnerability Details

GHSA

GHSA-vfw4-vqmx-jfwg: A remote SQL injection web vulnerability was discovered in the Enigma NMS 65↗2022-05-24

▶

CVEList

CVE-2019-16065: A remote SQL injection web vulnerability was discovered in the Enigma NMS 65↗2020-03-19

▶

💥Exploits & PoCs

Exploit-DB

Enigma NMS 65.0.0 - SQL Injection↗2019-09-09

▶