SQL Injection vulnerability in Quest Analytics LLC IQCRM v.2023.9.5 allows a remote attacker to execute arbitrary code via a crafted request to the Common.svc WSDL page.
References
Link | Resource |
---|---|
https://github.com/el-dud3rino/CVE-Disclosures/blob/main/Quest%20Analytics%20IQCRM/Proof%20of%20Concept | Exploit |
https://github.com/el-dud3rino/CVE-Disclosures/blob/main/README.md | Third Party Advisory |
https://www.quest-analytics.com/ | Product |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2024-01-22T00:00:00
Updated: 2024-01-22T19:08:53.200686
Reserved: 2023-11-13T00:00:00
Link: CVE-2023-48118
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-22T19:15:08.947
Modified: 2024-01-29T19:29:48.950
Link: CVE-2023-48118
JSON object: View
Redhat Information
No data.
CWE