CVE-2014-1671

Published: 26/01/2014 Updated: 07/11/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 655
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 and possibly earlier allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the macAddress element in a (1) getUploadPath or (2) getKBot SOAP request to service/kbot_service.php; the ID parameter to (3) userui/advisory_detail.php or (4) userui/ticket.php; and the (5) ORDER[] parameter to userui/ticket_list.php.

Vulnerable Product

dell kace k1200s systems management appliance -

dell kace k1100s systems management appliance -

dell kace k1000 systems management appliance software 5.4.76847

dell kace k1000 systems management appliance -

dell kace k1000 systems management virtual appliance -

Exploits

source: www.securityfocus.com/bid/65029/info

Dell Kace 1000 Systems Management Appliance is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or e ...