Quest NetVault Backup CVE-2017-17417 SQL Injection Vulnerability
BID:106048
Info
Quest NetVault Backup CVE-2017-17417 SQL Injection Vulnerability
| Bugtraq ID: | 106048 |
| Class: | Input Validation Error |
| CVE: |
CVE-2017-17417 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 15 2017 12:00AM |
| Updated: | Dec 15 2017 12:00AM |
| Credit: | rgod |
| Vulnerable: |
Quest NetVault Backup 11.3.0.12 |
| Not Vulnerable: |
Quest NetVault Backup 11.4.5 |
Discussion
Quest NetVault Backup CVE-2017-17417 SQL Injection Vulnerability
Quest NetVault Backup is prone to SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions.
Quest NetVault Backup is prone to SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions.