An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. An attacker without authentication is able to execute arbitrary SQL SELECT statements by injecting the HTTP (POST or GET) parameter persoid into /tools/VamPersonPhoto.php. The SQL Injection type is Error-based (this means that relies on error messages thrown by the database server to obtain information about the structure of the database).
References
Link | Resource |
---|---|
https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html | Exploit Third Party Advisory |
https://www.seling.it/product/vam/ | Product Vendor Advisory |
https://www.seling.it/ | Product |
Configurations
Information
Published : 2020-02-26 08:15
Updated : 2020-02-27 07:07
NVD link : CVE-2019-19986
Mitre link : CVE-2019-19986
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
seling
- visual_access_manager