CVE-2014-1671

Currently unrated

Key Information:

Vendor: Dell
Status: Kace K1200s Systems Management Appliance; Kace K1100s Systems Management Appliance; Kace K1000 Systems Management Appliance Software; Kace K1000 Systems Management Appliance
Vendor: CVE Published:; 26 January 2014

Summary

Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 and possibly earlier allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the macAddress element in a (1) getUploadPath or (2) getKBot SOAP request to service/kbot_service.php; the ID parameter to (3) userui/advisory_detail.php or (4) userui/ticket.php; and the (5) ORDER[] parameter to userui/ticket_list.php.

References

http://secunia.com/advisories/56396

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/90592

vdb-entryx_refsource_XF

http://www.baesystemsdetica.com.au/Research/Advisories/De...

x_refsource_MISC

Timeline

Vulnerability published
Jan 26, 2014
Vulnerability Reserved
Jan 25, 2014