An issue was discovered in DB Soft SGLAC before 20.05.001. The ProcedimientoGenerico method in the SVCManejador.svc webservice of the SGLAC web frontend allows an attacker to run arbitrary SQL commands on the SQL Server. Command execution can be easily achieved by using the xp_cmdshell stored procedure.
References
| Link | Resource |
|---|---|
| https://github.com/blackarrowsec/advisories/tree/master/2020/CVE-2020-12606 | Third Party Advisory |
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-08-17T13:17:39
Updated: 2020-08-17T13:17:39
Reserved: 2020-05-01T00:00:00
Link: CVE-2020-12606
NVD Information
Status: Analyzed
Published: 2020-08-17T14:15:13.683
Modified: 2020-08-21T15:48:12.443
Link: CVE-2020-12606