CVE-2017-5154: SQL Injection
First published: Mon Feb 13 2017(Updated: )
An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Advantech WebOP | =8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-5154?
CVE-2017-5154 is classified as a high severity SQL injection vulnerability.
How do I fix CVE-2017-5154?
To fix CVE-2017-5154, update Advantech WebAccess to a version that addresses this vulnerability.
What are the potential impacts of CVE-2017-5154?
Exploitation of CVE-2017-5154 can lead to unauthorized administrative access and exposure of sensitive application data.
Who is affected by CVE-2017-5154?
CVE-2017-5154 affects users of Advantech WebAccess version 8.1.
How can an attacker exploit CVE-2017-5154?
An attacker can exploit CVE-2017-5154 by supplying malformed input to the WebAccess software.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/advantech
- canonical/advantech webop
- version/advantech webop/8.1