← back
CVE-2013-0140

CVE-2013-0140

EPSS 2.5%
SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication channel.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/33071unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://seclists.org/fulldisclosure/2014/Apr/289https://kc.mcafee.com/corporate/index?page=content&id=SB10042http://www.kb.cert.org/vuls/id/209131http://www.securityfocus.com/bid/59500http://www.us-cert.gov/ncas/alerts/TA13-193A