Field | 03/04/2014 17:21 | 31/03/2019 22:05 | 24/05/2022 15:14 |
---|---|---|---|
vendor | Telecommunication Software | Telecommunication Software | Telecommunication Software |
name | SAMwin Contact Center Suite | SAMwin Contact Center Suite | SAMwin Contact Center Suite |
version | 5.1 | 5.1 | 5.1 |
component | Database Handler | Database Handler | Database Handler |
library | SAMwinLIBVB.dll | SAMwinLIBVB.dll | SAMwinLIBVB.dll |
function | getCurrentDBVersion | getCurrentDBVersion | getCurrentDBVersion |
affectedlist | Telecommunication Software SAMwin Contact Center Suite 5.1; Telecommunication Software SAMwin Agent 5.01.19.06 | Telecommunication Software SAMwin Contact Center Suite 5.1; Telecommunication Software SAMwin Agent 5.01.19.06 | Telecommunication Software SAMwin Contact Center Suite 5.1; Telecommunication Software SAMwin Agent 5.01.19.06 |
vendorinformdate | 1379635200 | 1379635200 | 1379635200 |
risk | 2 | 2 | 2 |
historic | 0 | 0 | 0 |
cvss2_vuldb_basescore | 5.8 | 5.8 | 5.8 |
cvss2_vuldb_tempscore | 4.3 | 4.3 | 4.3 |
cvss2_vuldb_av | N | N | N |
cvss2_vuldb_ac | M | M | M |
cvss2_vuldb_au | N | N | N |
cvss2_vuldb_ci | P | P | P |
cvss2_vuldb_ii | P | P | P |
cvss2_vuldb_ai | N | N | N |
cvss3_meta_basescore | 6.5 | 6.5 | 6.5 |
cvss3_meta_tempscore | 5.6 | 5.6 | 5.6 |
cvss3_vuldb_basescore | 6.5 | 6.5 | 6.5 |
cvss3_vuldb_tempscore | 5.6 | 5.6 | 5.6 |
advisoryquote | Due to the absence of any middleware sanitizing and verifying input data sent by the SAMwin Agent, arbitrary SQL commands can be executed from the username field of the SAMwin Agent login mask. When a SAMwin Agent user logs in, the username and password will be compared against values that are stored in the database. By terminating the username with a single quote character, any person with access to the SAMwin Agent login form can execute malicious SQL statements. For example, the following string can be used as username to verify the SQL command execution on the SQL server. | Due to the absence of any middleware sanitizing and verifying input data sent by the SAMwin Agent, arbitrary SQL commands can be executed from the username field of the SAMwin Agent login mask. When a SAMwin Agent user logs in, the username and password will be compared against values that are stored in the database. By terminating the username with a single quote character, any person with access to the SAMwin Agent login form can execute malicious SQL statements. For example, the following string can be used as username to verify the SQL command execution on the SQL server. | Due to the absence of any middleware sanitizing and verifying input data sent by the SAMwin Agent, arbitrary SQL commands can be executed from the username field of the SAMwin Agent login mask. When a SAMwin Agent user logs in, the username and password will be compared against values that are stored in the database. By terminating the username with a single quote character, any person with access to the SAMwin Agent login form can execute malicious SQL statements. For example, the following string can be used as username to verify the SQL command execution on the SQL server. |
date | 1394668800 (13/03/2014) | 1394668800 (13/03/2014) | 1394668800 (13/03/2014) |
location | Website | Website | Website |
type | Advisory | Advisory | Advisory |
url | http://www.modzero.ch/advisories/MZ-13-06_SAMwin_Architectural_Issues.txt | http://www.modzero.ch/advisories/MZ-13-06_SAMwin_Architectural_Issues.txt | http://www.modzero.ch/advisories/MZ-13-06_SAMwin_Architectural_Issues.txt |
identifier | MZ-13-06 | MZ-13-06 | MZ-13-06 |
coordination | 1 | 1 | 1 |
person_name | Tobias Ospelt/Max Moser | Tobias Ospelt/Max Moser | Tobias Ospelt/Max Moser |
company_name | modzero AG | modzero AG | modzero AG |
confirm_date | 1379980800 (24/09/2013) | 1379980800 (24/09/2013) | 1379980800 (24/09/2013) |
availability | 1 | 1 | 1 |
date | 1394668800 (13/03/2014) | 1394668800 (13/03/2014) | 1394668800 (13/03/2014) |
publicity | 1 | 1 | 1 |
url | http://www.modzero.ch/advisories/MZ-13-06_SAMwin_Architectural_Issues.txt | http://www.modzero.ch/advisories/MZ-13-06_SAMwin_Architectural_Issues.txt | http://www.modzero.ch/advisories/MZ-13-06_SAMwin_Architectural_Issues.txt |
developer_name | Tobias Ospelt/Max Moser | Tobias Ospelt/Max Moser | Tobias Ospelt/Max Moser |
language | SQL | SQL | SQL |
price_0day | $0-$5k | $0-$5k | $0-$5k |
name | Upgrade | Upgrade | Upgrade |
upgrade_version | 6.2 | 6.2 | 6.2 |
seealso | 12788 | 12788 | 12788 |
cvss3_vuldb_av | N | N | N |
cvss3_vuldb_ac | L | L | L |
cvss3_vuldb_ui | N | N | N |
cvss2_vuldb_e | POC | POC | POC |
cvss2_vuldb_rl | OF | OF | OF |
cvss2_vuldb_rc | UR | UR | UR |
cvss3_vuldb_e | P | P | P |
cvss3_vuldb_rl | O | O | O |
cvss3_vuldb_rc | R | R | R |
0day_days | 174 | 174 | 174 |
cvss3_vuldb_pr | N | N | N |
cvss3_vuldb_s | U | U | U |
cvss3_vuldb_c | L | L | L |
cvss3_vuldb_i | L | L | L |
cvss3_vuldb_a | N | N | N |
cwe | 0 | 89 (SQL injection) | 89 (SQL injection) |
cve | | | CVE-2013-10003 |
responsible | | | VulDB |