CVE-2019-13078: SQL Injection
First published: Wed Nov 06 2019(Updated: )
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /common/user_profile.php. The affected parameter is sort_column.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Quest KACE Systems Management Appliance | =9.1.317 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-13078?
CVE-2019-13078 is a vulnerability in Quest KACE Systems Management Appliance Server Center 9.1.317 that allows SQL injection.
What is the severity of CVE-2019-13078?
The severity of CVE-2019-13078 is rated as high with a CVSS score of 8.8.
How does CVE-2019-13078 affect Quest KACE Systems Management Appliance?
CVE-2019-13078 allows an authenticated user to execute arbitrary commands against the database in Quest KACE Systems Management Appliance Server Center 9.1.317.
What is the affected component of CVE-2019-13078?
The affected component of CVE-2019-13078 is /common/user_profile.php.
How can I fix the SQL injection vulnerability in Quest KACE Systems Management Appliance Server Center 9.1.317?
To fix the SQL injection vulnerability in Quest KACE Systems Management Appliance Server Center 9.1.317, it is recommended to apply the latest security updates provided by Quest.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/quest
- canonical/quest kace systems management appliance
- version/quest kace systems management appliance/9.1.317