SQL Injection Vulnerability in Quest KACE Systems Management Appliance
CVE-2022-29807

9.8CRITICAL

Key Information:

Vendor: Quest
Status: Kace Systems Management Appliance
Vendor: CVE Published:; 2 August 2022

What is CVE-2022-29807?

A SQL injection vulnerability has been identified in Quest's KACE Systems Management Appliance (SMA) versions through 12.0. This security flaw is present in the 'download_agent_installer.php' script, which can be exploited by attackers to execute arbitrary code remotely. Proper input validation and sanitization measures are crucial to mitigate this risk and protect sensitive data.

References

https://support.quest.com/kb/338162

x_refsource_MISC

https://support.quest.com/kace-systems-management-applian...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 2, 2022
Vulnerability Reserved
Apr 26, 2022