An SQL injection vulnerability was discovered in the Web-based management interface of the lab management system at /clients/management/client.php. An attacker can exploit this vulnerability to execute arbitrary SQL commands. A cross-site scripting (XSS) vulnerability was discovered in the Web-based management interface of the lab management system at /clients/management/client.php. A directory traversal vulnerability was discovered in the Web-based management interface of the lab management system at /clients/management/client.php. A remote code execution vulnerability was discovered in the Web-based management interface of the lab management system at /clients/management/client.php.
Products and versions of system affected
This vulnerability affects the following products:
- Web-Based Management Interface of the lab management system at /clients/management/client.php
- All versions of LabVIEW (7.0, 8.0, 9.0)
Walk through the lab management system to understand how the vulnerabilities are present
The specific vulnerabilities are present throughout every page of the lab management web app, and they are not difficult to find and fix:
A cross-site scripting vulnerability is located on http://www.workforcenetwork.com/?id=http%3A%2F%2Fhtml%2Findex.php%3Foption%3Dcom_content%26view%3Dfrontpage&task=edit&id=821&Itemid=1
A remote code execution vulnerability is located on http://www.workforcenetwork.com/?id=http%3A%2F%2Fhtml%2Findex.php%3Foption%3Dcom_content&task=edit&id=1119
Timeline
Published on: 11/17/2022 21:15:00 UTC
Last modified on: 11/18/2022 18:25:00 UTC