An attacker can exploit this vulnerability to execute arbitrary SQL commands on the system, resulting in remote access and data theft. In OpenCATS v0.9.6, the importID parameter is not sanitized before being passed to the Import viewerrors function, resulting in SQL injection.

OpenCATS v0.9.6 was discovered to have a cross-site scripting (XSS) vulnerability via the viewerrors parameter.

An attacker can exploit this vulnerability to execute arbitrary HTML and JavaScript code in a user’s browser, resulting in information disclosure and potential session hijacking. In OpenCATS v0.9.6, the viewerrors parameter is not sanitized before being passed to the Import viewerrors function, resulting in XSS.

Summary of findings: OpenCATS v0.9.6 was discovered to have multiple input validation vulnerabilities, including SQL injection and cross-site scripting. These vulnerabilities can be exploited by attackers to gain unauthorized access to a system or to manipulate data or execute code in a user’s browser.

SQL Injection

OpenCATS v0.9.6 was discovered to have a SQL injection vulnerability via the importID parameter. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the system, resulting in remote access and data theft.

SQL Injection in Import Viewerrors

In OpenCATS v0.9.6, the importID parameter is not sanitized before being passed to the Import viewerrors function, resulting in SQL injection. This vulnerability can be exploited by attackers to gain unauthorized access to a system or to manipulate data or execute code in a user’s browser.
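A hardened import-error view that addresses both findings described above, as an added example and not OpenCATS code: the ID is validated as an integer and bound in a prepared statement, and stored text is HTML-encoded on output. The `import_errors` table, its columns, and the functions `parseImportId` and `viewImportErrors` are hypothetical; the sample rows and inputs are constructed, and the script assumes the `pdo_sqlite` extension is available.

```php
<?php
// Added illustration; table, columns and function names are hypothetical,
// not taken from the OpenCATS code base.

/** Strictly parse a request value as a positive integer ID, or return null. */
function parseImportId($raw): ?int
{
    if (!is_string($raw)) {
        return null;                          // arrays (importID[]=...) are rejected
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Render the errors recorded for one import as an HTML list. */
function viewImportErrors(PDO $db, $rawImportId): string
{
    $importId = parseImportId($rawImportId);
    if ($importId === null) {
        return '<p>Invalid import ID.</p>';   // the raw value is never echoed back
    }
    // The ID is bound as a typed parameter, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT message FROM import_errors WHERE import_id = :id');
    $stmt->bindValue(':id', $importId, PDO::PARAM_INT);
    $stmt->execute();

    $html = '<ul>';
    foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $message) {
        // Stored text is encoded on output so markup in it is displayed, not executed.
        $html .= '<li>' . htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</li>';
    }
    return $html . '</ul>';
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE import_errors (import_id INTEGER, message TEXT)');
$ins = $db->prepare('INSERT INTO import_errors VALUES (?, ?)');
$ins->execute([7, 'Row 3: bad e-mail <b>x</b>']);
$ins->execute([8, 'Row 1: missing name']);

// Constructed inputs: one valid ID, then values that must be rejected.
foreach (['7', '7 OR 1=1', "7'--", '<script>'] as $input) {
    echo viewImportErrors($db, $input), PHP_EOL;
}
```

Only the first input returns rows, with the stored `<b>` markup shown as encoded text; the other three produce the fixed "Invalid import ID." response without reaching the database.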

Timeline

Published on: 10/19/2022 18:15:00 UTC
Last modified on: 10/20/2022 05:47:00 UTC

References