CVE-2019-13079: SQL Injection
First published: Wed Nov 06 2019(Updated: )
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /adminui/history_log.php. The affected parameter is TYPE_NAME.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Quest KACE Systems Management Appliance | =9.1.317 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2019-13079.
What is the severity of CVE-2019-13079?
The severity of CVE-2019-13079 is high, with a severity value of 8.8.
Which software is affected by CVE-2019-13079?
Quest KACE Systems Management Appliance Server Center version 9.1.317 is affected by CVE-2019-13079.
What is the affected component of CVE-2019-13079?
The affected component of CVE-2019-13079 is /adminui/history_log.php.
How can an authenticated user exploit CVE-2019-13079?
An authenticated user can exploit CVE-2019-13079 by executing arbitrary commands against the database.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/severity
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/quest
- canonical/quest kace systems management appliance
- version/quest kace systems management appliance/9.1.317