★且听安全★-点关注,不迷路!★漏洞空间站★-优质漏洞资源和小伙伴聚集地!漏洞信息2022.06 ZDI 发布多个 Advantech iView 漏洞信息 CVE-2022-2135&2143&2135 等 :影响版本为 Advantech iView All versions prior to 5_7_04_6469。重点关注其中评分为 `9.8` 的高危漏洞,发现问题主要集中在 `NetworkServlet` ,整理的部分漏洞信息如下: `findCfgDeviceList` :When parsing the COLUMN and VALUE elements of the findCfgDeviceList action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. `getAllActiveTraps` :When parsing the search_date_to and search_date_from elements of the getAllActiveTraps action, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in
………………………………