CVE-2015-1013: SQL Injection
First published: Tue May 26 2015(Updated: )
OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure that the PI SQL (AF) Trusted Users group lacks the Everyone account, which allows remote authenticated users to bypass intended command restrictions via SQL statements.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Osisoft Pi Server | =2.6 | |
| Osisoft Pi Sql For Af | =2.1.2.19 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/type
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/tags
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/osisoft
- canonical/osisoft pi server
- version/osisoft pi server/2.6
- canonical/osisoft pi sql for af
- version/osisoft pi sql for af/2.1.2.19