CVE-2019-12720

AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvc_send_mail.aspx (MailAdd parameter) SQL Injection. An Attacker can carry a SQL Injection payload to the server, allowing the attacker to read privileged data. This also affects the picture_manage_mvc.aspx plant_no parameter, the swapdl_mvc.aspx plant_no parameter, and the account_management.aspx Text_Postal_Code and Text_Dis_Code parameters.
References
Link Resource
https://drive.google.com/file/d/1QYgj4FU0MjSIhgXwddg4L5no9KYn8E9v/view Exploit Third Party Advisory
https://www.exploit-db.com/exploits/47542 Exploit Third Party Advisory VDB Entry
https://drive.google.com/file/d/1QYgj4FU0MjSIhgXwddg4L5no9KYn8E9v/view Exploit Third Party Advisory
https://www.exploit-db.com/exploits/47542 Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:auo:sunveillance_monitoring_system_\&_data_recorder:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:23

Type Values Removed Values Added
References () https://drive.google.com/file/d/1QYgj4FU0MjSIhgXwddg4L5no9KYn8E9v/view - Exploit, Third Party Advisory () https://drive.google.com/file/d/1QYgj4FU0MjSIhgXwddg4L5no9KYn8E9v/view - Exploit, Third Party Advisory
References () https://www.exploit-db.com/exploits/47542 - Exploit, Third Party Advisory, VDB Entry () https://www.exploit-db.com/exploits/47542 - Exploit, Third Party Advisory, VDB Entry

Information

Published : 2019-11-12 19:15

Updated : 2024-11-21 04:23


NVD link : CVE-2019-12720

Mitre link : CVE-2019-12720

CVE.ORG link : CVE-2019-12720


JSON object : View

Products Affected

auo

  • sunveillance_monitoring_system_\&_data_recorder
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')