SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This issue affects: Gallagher Command Centre 8.30 versions before 8.30.1236(MR1); 8.20 versions before 8.20.1166(MR3); 8.10 versions before 8.10.1211(MR5); 8.00 versions before 8.00.1228(MR6); version 7.90 and prior versions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gallagher command centre |
||
gallagher command centre 8.00.1228 |
||
gallagher command centre 8.10.1211 |
||
gallagher command centre 8.20.1166 |
||
gallagher command centre 8.30.1236 |