web analytics

Cisco Fixes Critical SQL Injection Vulnerability in Prime License Manager

Successful exploit allows execution of arbitrary SQL queries

 

28th November 2018, By Sergiu Gatlan

 

Cisco just patched a critical SQL injection vulnerability residing in the web framework code of the Cisco Prime License Manager (PLM) designed to help administrators to manage user licenses on an enterprise-wide scale.

 

Potential remote attackers could execute arbitrary SQL queries on vulnerable machines after successfully exploiting the CVE-2018-15441 security issue.

 

According to Cisco’s advisory detailing this SQL injection security bug in the Cisco Prime License Manager solution, the issue resides in the “lack of proper validation of user-supplied input in SQL queries.”

 

Full Article.






Take a look at the best antivirus, anti-malware, anti-spy, etc. software