Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation (PostgreSQL) by exploiting this issue.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
softinventive network olympus 1.8.0 |