CVE-2022-1258 An authenticated administrator on ePO can exploit a blind SQL injection vulnerability in MA ePO 5.7.6 and perform arbitrary SQL queries in the back-end database. This can lead to command execution.

An attacker must first obtain the ability to access the ePO server and then perform a series of steps to exploit this vulnerability. First, the attacker needs to be able to access the ePO server and then needs to perform the following steps:

- Access the ePO administrator page
- Navigate to the Extensions section and locate the ePolicy Orchestrator (ePO) extension
- Click on the ePolicy Orchestrator (ePO) extension
- Select the Settings option
- Modify the SQL Query field to contain SQL command injection
- Click on the Test button to execute the SQL command

Next, the attacker needs to be able to access the ePO server and then needs to perform the following steps:

- Access the ePO administrator page
- Navigate to the Extensions section and locate the ePolicy Orchestrator (ePO) extension
- Click on the ePolicy Orchestrator (ePO) extension
- Select the Save and Activate option to save the setting

Finally, the attacker needs to be able to access the ePO server and then needs to perform the following steps:

- Access the ePO administrator page
- Navigate to the Extensions section and locate the ePolicy Orchestrator (ePO) extension
- Click on the ePolicy Orchestrator (ePO) extension
- Modify the SQL Query field to contain SQL command injection
- Click on the Save button to save the setting
- Access the ePO administrator page
- Navigate to the Extensions section and locate the ePolicy Orchestrator

Vulnerability Description

A vulnerability in ePolicy Orchestrator (ePO) allows an attacker to alter the SQL Query field and execute SQL commands, resulting in root access.

References for ePolicy Orchestrator (ePO)

- CVE-2022-1258
- https://www.epoint.com/products/ePolicy-Orchestrator

