CRITICAL🇵🇱 Wersja polska

CVE-2017-6050

CVSS 9.8v3.0pub. 2017-06-21upd. 2026-05-13

A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. The application fails to properly validate user input, which may allow for an unauthenticated attacker to remotely execute arbitrary code in the form of SQL queries.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ecava Integraxor

    APP
    Ecava
    ≤ 5.2.1231.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCESQLiAuth Bypass
CWE
References

Related vulnerabilities

CVE-2016-8341CRITICAL9.8ten sam produkt

An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters ...

CVE-2016-2306HIGH7.5ten sam produkt

The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive clear...

CVE-2016-2299HIGH7.3ten sam produkt

SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbit...

CVE-2014-2376HIGH7.5ten sam produkt

SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and...

CVE-2014-2375HIGH8.3ten sam produkt

Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attacker...