A SQL injection vulnerability in the qm_adm/qm_export_stats_run.do endpoint of Loway QueueMetrics before 19.10.21 allows remote authenticated users to execute arbitrary SQL commands via the exportId parameter.
References
Link | Resource |
---|---|
https://blog.divisionzero.co/2020/08/12/cve-2020-15947/ | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2020-08-13 14:15
Updated : 2024-02-04 21:00
NVD link : CVE-2020-15947
Mitre link : CVE-2020-15947
CVE.ORG link : CVE-2020-15947
JSON object : View
Products Affected
loway
- queuemetrics
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')