Cisco Connected Grid Network Management System CVE-2013-1163 SQL Injection Vulnerability
BID:58804
Info
Cisco Connected Grid Network Management System CVE-2013-1163 SQL Injection Vulnerability
| Bugtraq ID: | 58804 |
| Class: | Input Validation Error |
| CVE: |
CVE-2013-1163 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 01 2013 12:00AM |
| Updated: | Apr 01 2013 12:00AM |
| Credit: | Reported by the vendor. |
| Vulnerable: |
Cisco Connected Grid Network Management System 0 |
| Not Vulnerable: | |
Discussion
Cisco Connected Grid Network Management System CVE-2013-1163 SQL Injection Vulnerability
Cisco Connected Grid Network Management System is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
Cisco Connected Grid Network Management System is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
Exploit / POC
Cisco Connected Grid Network Management System CVE-2013-1163 SQL Injection Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
Solution / Fix
Cisco Connected Grid Network Management System CVE-2013-1163 SQL Injection Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Cisco Connected Grid Network Management System CVE-2013-1163 SQL Injection Vulnerability
References:
References: