Description

SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp (GET computerID), AssetManagementChart.jsp (POST group1), AssetManagementList.jsp (GET computerID or group1), or AssetManagementSummary.jsp (GET group1).

Related CPE's

a

sysaid

sysaid

20.3.64

b14

Vulnerable

References

https://eh337.net/2021/04/10/sysaid-ii/

ExploitThird Party Advisory

https://eh337.net/2021/04/10/sysaid-ii/

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-89

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-07-22T10:15:07.927Z

4 years ago

Last modified

2024-11-21T05:04:01.380Z

1 year ago