VideoInsight Fixes SQL Injection Hole

Thursday, January 12, 2017 @ 07:01 PM gHale


VideoInsight created a new version that fixes a SQL injection vulnerability in its web client, according to a report with ICS-CERT.

Web Client Version 6.3.5.11 and previous versions suffer from the remotely exploitable vulnerability. Researcher Juan Pablo Lopez Yacubian reported this vulnerability and has tested the patch.


A successful exploit of this vulnerability could allow an attacker to execute arbitrary commands on the target system.

An attacker with a low skill level could exploit this vulnerability.

The SQL Injection vulnerability could allow remote code execution.

CVE-2017-5151 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

The latest version, 6.3.6.11, is available for download.


