CVE-2017-10937
CVE-2017-10937
In short
A vulnerability in ZTE ZXIPTV-UCM allows attackers to inject SQL commands through the opertype parameter, letting them steal sensitive database information.
Technical detail
SQL injection vulnerability in the opertype parameter of ZTE ZXIPTV-UCM versions before V2.01.05.09 allows unauthenticated remote attackers to execute arbitrary SQL queries, resulting in unauthorized access to sensitive database contents. The vulnerability requires network access to the affected service but no prior authentication.
Summary generated and translated by AI from the official description.
SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information.
Affected products
ZTE · ZXIPTV-UCMWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →