CVE-2017-10936
CVE-2017-10936
In short
A flaw in ZTE ZXCDN-SNS lets attackers send specially crafted requests that run unauthorized database commands, exposing sensitive information stored in the system.
Technical detail
SQL injection vulnerability in the aoData parameter allows unauthenticated remote attackers to execute arbitrary SQL queries against the backend database. Affected versions prior to V4.01.01; exploitation results in unauthorized data disclosure and potential database manipulation.
Summary generated and translated by AI from the official description.
SQL injection vulnerability in all versions prior to V4.01.01 of the ZTE ZXCDN-SNS product allows remote attackers to execute arbitrary SQL commands via the aoData parameter, resulting in the disclosure of database information.
Affected products
ZTE · ZXCDN-SNSWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →