AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvc_send_mail.aspx (MailAdd parameter) SQL Injection. An Attacker can carry a SQL Injection payload to the server, allowing the attacker to read privileged data. This also affects the picture_manage_mvc.aspx plant_no parameter, the swapdl_mvc.aspx plant_no parameter, and the account_management.aspx Text_Postal_Code and Text_Dis_Code parameters.
References
Link | Resource |
---|---|
https://drive.google.com/file/d/1QYgj4FU0MjSIhgXwddg4L5no9KYn8E9v/view | Exploit Third Party Advisory |
https://www.exploit-db.com/exploits/47542 | Exploit Third Party Advisory VDB Entry |
https://drive.google.com/file/d/1QYgj4FU0MjSIhgXwddg4L5no9KYn8E9v/view | Exploit Third Party Advisory |
https://www.exploit-db.com/exploits/47542 | Exploit Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:23
Type | Values Removed | Values Added |
---|---|---|
References | () https://drive.google.com/file/d/1QYgj4FU0MjSIhgXwddg4L5no9KYn8E9v/view - Exploit, Third Party Advisory | |
References | () https://www.exploit-db.com/exploits/47542 - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2019-11-12 19:15
Updated : 2024-11-21 04:23
NVD link : CVE-2019-12720
Mitre link : CVE-2019-12720
CVE.ORG link : CVE-2019-12720
JSON object : View
Products Affected
auo
- sunveillance_monitoring_system_\&_data_recorder
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')