CVE-2017-6550 in Infor-Lawsoninfo

Summary

Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KK_LS9ReportingPortal/GetData.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

03/08/2017

Disclosure

03/20/2017

Moderation

VulDB entry created

Entries

VDB-97870 (2)

CPE

ready

CWE

CWE-89 (Confirmed)

Exploit

Download

CVSS

8.5

EPSS

0.05854

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-6550
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-6550
CVE Details	https://www.cvedetails.com/cve/CVE-2017-6550/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!