Published: 17/10/2019 Updated: 22/10/2019

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 580

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Subscribe to Two Factor Authentication Enterprise Server

Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server up to and including 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wikidsystems two factor authentication enterprise server

WiKID Systems 2FA Enterprise Server version 420-b2032 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities ...

Full Disclosure mailing list archives   By Date By Thread </form>    WiKID 2FA Enterprise Server Multiple Issues   From: Aaron Bishop ...

CWE-89 https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection http://seclists.org/fulldisclosure/2019/Oct/35 http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html https://nvd.nist.gov https://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html

CVE-2019-17119

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect