CVE-2017-12930

SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password.
Configurations

Configuration 1 (hide)

cpe:2.3:a:tecnovision:dlx_spot_player4:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:10

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/144257/DlxSpot-SQL-Injection.html - Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/144257/DlxSpot-SQL-Injection.html - Third Party Advisory, VDB Entry

Information

Published : 2017-09-21 16:29

Updated : 2024-11-21 03:10


NVD link : CVE-2017-12930

Mitre link : CVE-2017-12930

CVE.ORG link : CVE-2017-12930


JSON object : View

Products Affected

tecnovision

  • dlx_spot_player4
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')