Vulnerability Description
SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the (1) hardwareType, (2) hardwareStatus, or (3) hardwareLocation parameter in a search command.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kwoksys | Information Server | <= 2.8.4 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/123193Exploit
- http://www.kwoksys.com/wiki/index.php?title=Release_Notes
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86363
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87067
- http://packetstormsecurity.com/files/123193Exploit
- http://www.kwoksys.com/wiki/index.php?title=Release_Notes
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86363
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87067
FAQ
What is CVE-2013-5028?
CVE-2013-5028 is a vulnerability with a CVSS score of 6.5 (MEDIUM). SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the (1) hardwareType, (2) ha...
How severe is CVE-2013-5028?
CVE-2013-5028 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-5028?
Check the references section above for vendor advisories and patch information. Affected products include: Kwoksys Information Server.