daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2019/CVE-2019-13462.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-02-04 14:39:08 -05:00
parent a3d83420ac
commit 50d9f0b4f1
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
cves/2019/CVE-2019-13462.yaml
View File

@ -1,11 +1,12 @@
id: CVE-2019-13462
info:
name: Lansweeper through 7.1.115.4 unauthenticated SQL injection
name: Lansweeper Unauthenticated SQL Injection
author: divya_mudgal
severity: critical
reference: https://www.nccgroup.com/ae/our-research/technical-advisory-unauthenticated-sql-injection-in-lansweeper/
description: Lansweeper web application through 7.1.115.4 allows unauthenticated SQL injection via the "row" and "column" GET parameters to /WidgetHandler.ashx?MethodName=Sort&ID=1&column=INJECTION&row=INJECTION URI.
description: Lansweeper before 7.1.117.4 allows unauthenticated SQL injection.
remediation: Upgrade to the latest version.
tags: cve,cve2019,sqli,lansweeper
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
@ -34,3 +35,5 @@ requests:
- type: status
status:
- 500
# Enhanced by mp on 2022/02/04