CVE-2020-14497
CVE-2020-14497
Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code.
Affected products
n/a · Advantech iViewWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01https://www.zerodayinitiative.com/advisories/ZDI-20-827/https://www.zerodayinitiative.com/advisories/ZDI-20-828/https://www.zerodayinitiative.com/advisories/ZDI-20-830/https://www.zerodayinitiative.com/advisories/ZDI-20-832/https://www.zerodayinitiative.com/advisories/ZDI-20-833/https://www.zerodayinitiative.com/advisories/ZDI-20-835/https://www.zerodayinitiative.com/advisories/ZDI-20-836/https://www.zerodayinitiative.com/advisories/ZDI-20-837/https://www.zerodayinitiative.com/advisories/ZDI-20-838/https://www.zerodayinitiative.com/advisories/ZDI-20-839/https://www.zerodayinitiative.com/advisories/ZDI-20-842/