SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/144257/DlxSpot-SQL-Injection.html | Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/144257/DlxSpot-SQL-Injection.html | Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 03:10
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/144257/DlxSpot-SQL-Injection.html - Third Party Advisory, VDB Entry |
Information
Published : 2017-09-21 16:29
Updated : 2024-11-21 03:10
NVD link : CVE-2017-12930
Mitre link : CVE-2017-12930
CVE.ORG link : CVE-2017-12930
JSON object : View
Products Affected
tecnovision
- dlx_spot_player4
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')