CVE-2018-15441

A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted HTTP POST requests that contain malicious SQL statements to an affected application. A successful exploit could allow the attacker to modify and delete arbitrary data in the PLM database or gain shell access with the privileges of the postgres user.
Configurations

Configuration 1

cpe:2.3:a:cisco:prime_license_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_license_manager:11.5(1):su5:*:*:*:*:*:*

Information

Published : 2018-11-28 06:29

Updated : 2019-10-09 11:35


NVD link : CVE-2018-15441

Mitre link : CVE-2018-15441

Products Affected
No products.
CWE