First published: Thu Jan 18 2018(Updated: )
A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6. An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability has been identified. Attackers can exploit this vulnerability to access SoftCMS without knowing the user's password.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Moxa SoftCMS | <=1.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-12729 is considered a high-severity vulnerability due to its potential for SQL injection attacks.
To fix CVE-2017-12729, upgrade Moxa SoftCMS Live Viewer to version 1.6 or later that addresses the SQL injection issue.
CVE-2017-12729 affects Moxa SoftCMS Live Viewer versions up to and including 1.6.
Attackers can potentially gain unauthorized access to SoftCMS by exploiting the SQL injection vulnerability without needing the user's password.
CVE-2017-12729 occurs due to improper neutralization of special elements used in an SQL command, which allows for injection.