WiKID Enterprise 2FA (two factor authentication) Enterprise Server up to and including 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wikidsystems two factor authentication enterprise server |