CVE-2019-15016
Description
An SQL injection vulnerability exists in the Zingbox Inspector management interface that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database. (Ref: CVE-2019-15016)The vulnerability allows for authenticated users to pass unsanitized commands to the Zingbox Inspector backend database, potentially causing compromise or other harm to the database or system.This issue affects Zingbox Inspector, versions 1.288 and earlier.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.339
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability (CVE-2019-15016) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234