IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter.
References
Link | Resource |
---|---|
https://blogs.securiteam.com/index.php/archives/3223#more-3223 | Exploit Technical Description Third Party Advisory |
Configurations
Information
Published : 2017-07-19 21:29
Updated : 2017-07-24 08:28
NVD link : CVE-2017-11471
Mitre link : CVE-2017-11471
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
idera
- uptime_infrastructure_monitor