EMC AppSync CVE-2017-8015 SQL Injection Vulnerability



EMC AppSync is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

EMC AppSync versions prior to 3.5 are vulnerable.

Information

Bugtraq ID: 100683
Class: Input Validation Error
CVE: CVE-2017-8015

Remote: Yes
Local: No
Published: Sep 09 2017 12:00AM
Updated: Sep 09 2017 12:00AM
Credit: rgod working with Trend Micro's Zero Day Initiative.
Vulnerable: EMC AppSync 2.1
EMC AppSync 0


Not Vulnerable: EMC AppSync 3.5


Exploit


Attackers can exploit this issue using browser.


References:

Related Posts