First published: Thu Aug 29 2019(Updated: )
A SQL injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to execute arbitrary SQL commands via the AgentConsole/UserGroupQuery.php ShowUser parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Prophecyinternational Snare Central | <7.4.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-11363 is a SQL injection vulnerability in Snare Central before version 7.4.5.
CVE-2019-11363 allows remote authenticated attackers to execute arbitrary SQL commands via the ShowUser parameter in AgentConsole/UserGroupQuery.php.
CVE-2019-11363 has a severity rating of 7.2 (high).
Snare Central versions up to and excluding 7.4.5 are affected by CVE-2019-11363.
To fix CVE-2019-11363, update Snare Central to version 7.4.5 or higher.