FKIE_CVE-2019-17117
Vulnerability from fkie_nvd - Published: 2019-10-17 18:15 - Updated: 2024-11-21 04:31
Severity ?
Summary
A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2019/Oct/35 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Oct/35 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection | Exploit, Patch, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.81:b676:*:*:*:*:*:*",
"matchCriteriaId": "4753C348-0E95-42C1-9046-A6F0A925BFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.85:b780:*:*:*:*:*:*",
"matchCriteriaId": "742AF05F-BDFC-4B5D-B7C2-16EBB12423EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.87:b1092:*:*:*:*:*:*",
"matchCriteriaId": "0A8A4B86-C166-41BF-91F8-3A0E5935DFE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.87:b1159:*:*:*:*:*:*",
"matchCriteriaId": "5F0AD527-F28E-4D31-B3E4-164E50C7AE57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.87:b1169:*:*:*:*:*:*",
"matchCriteriaId": "3700CDE8-3E6F-45BB-ABAF-F39F47421114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.87:b1216:*:*:*:*:*:*",
"matchCriteriaId": "9895837A-1172-4033-A431-77F959E742AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.87:b824:*:*:*:*:*:*",
"matchCriteriaId": "EF2A28EA-E801-4E48-9C7C-7F2338D601B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.87:b839:*:*:*:*:*:*",
"matchCriteriaId": "B6061A10-388F-43F1-A60B-E05BFB8D9ADB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1342:*:*:*:*:*:*",
"matchCriteriaId": "1639C27B-E99D-4E4C-8359-BF1DAA540077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1352:*:*:*:*:*:*",
"matchCriteriaId": "D35F177D-13EB-4BF8-85D6-96D311A1F393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1359:*:*:*:*:*:*",
"matchCriteriaId": "80491F52-2BB1-4CA6-B029-773D7648D618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1373:*:*:*:*:*:*",
"matchCriteriaId": "A640A1D2-F902-48CD-A5CF-431254B9A4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1403:*:*:*:*:*:*",
"matchCriteriaId": "3E9584C7-368F-40CB-9424-3C7D3206A9EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1411:*:*:*:*:*:*",
"matchCriteriaId": "203D7585-27A1-4F82-89ED-2B7B266C18D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1421:*:*:*:*:*:*",
"matchCriteriaId": "5F9CAFF9-F38C-4598-BE10-C9B4BDCEFB20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1428:*:*:*:*:*:*",
"matchCriteriaId": "BC4359FB-27A1-445D-9C6D-F179E67A59E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1438:*:*:*:*:*:*",
"matchCriteriaId": "DC403DA6-072D-4DC2-9EB0-2CE79BF581AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1472:*:*:*:*:*:*",
"matchCriteriaId": "38944F12-D0AD-460D-8057-9DE11B0FD511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1542:*:*:*:*:*:*",
"matchCriteriaId": "FB04F7A6-77BD-4810-83E4-6F82EA0EFB62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1580:*:*:*:*:*:*",
"matchCriteriaId": "C4F8E828-9BCE-4E5D-95F2-A3636D6158F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.6.0:b1659:*:*:*:*:*:*",
"matchCriteriaId": "5674FE03-7B90-4F49-B7F9-A8ADBF25FC00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.6.0:b1672:*:*:*:*:*:*",
"matchCriteriaId": "284197BB-7B78-425B-8410-5C3717749B5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.0:b1787:*:*:*:*:*:*",
"matchCriteriaId": "7A74FCAD-E081-4FF1-B49D-A542197A25FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.0:b1798:*:*:*:*:*:*",
"matchCriteriaId": "CE459BA2-3B76-4A4E-BEAD-10B21EB6D5F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.0:b1803:*:*:*:*:*:*",
"matchCriteriaId": "7E6CF12D-F364-42EC-94F4-D168B9B7AE34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.0.1:b1817:*:*:*:*:*:*",
"matchCriteriaId": "51FBB683-6236-4AF4-8BC9-45E445B05065",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.0.1:b1821:*:*:*:*:*:*",
"matchCriteriaId": "CA967277-B0F1-4D91-9FE5-5DC6718E8B5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.0.1:b1905:*:*:*:*:*:*",
"matchCriteriaId": "68E22857-BEA7-4C36-B044-3B1CF70CDB37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.0.1:b1906:*:*:*:*:*:*",
"matchCriteriaId": "5EE7F837-AB7C-4743-8380-A479ADC8B9E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.0.2:b1917:*:*:*:*:*:*",
"matchCriteriaId": "7C873DAC-3CDE-439B-B337-94C5C1589DF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.0.2:b1921:*:*:*:*:*:*",
"matchCriteriaId": "21E0DC7C-D1E6-4836-A367-0E00AA82F208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.1.0:b1926:*:*:*:*:*:*",
"matchCriteriaId": "74586937-9BF8-4D5A-AD5F-131DE95CB4CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.1.0:b1941:*:*:*:*:*:*",
"matchCriteriaId": "F519574C-6A12-4469-8A66-91CEA680CD70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.1.0:b1949:*:*:*:*:*:*",
"matchCriteriaId": "DE822EC3-D06E-42A6-A6B6-28B1F1A73831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.1.0:b1955:*:*:*:*:*:*",
"matchCriteriaId": "23B9CEEC-EE7F-489E-B764-331263183CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b1978:*:*:*:*:*:*",
"matchCriteriaId": "C77D0966-21EA-4DB3-8AE7-83F745FB7820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b1981:*:*:*:*:*:*",
"matchCriteriaId": "3D3B0A02-93F4-492D-810A-720448C624BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b1984:*:*:*:*:*:*",
"matchCriteriaId": "70ACC996-D417-48C9-9376-40AECBC0273C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b2007:*:*:*:*:*:*",
"matchCriteriaId": "CDA6CDF4-46F8-43F6-8843-61A05ADDD505",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b2014:*:*:*:*:*:*",
"matchCriteriaId": "D53E57B3-DFFB-448C-9610-463978C9E489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b2016:*:*:*:*:*:*",
"matchCriteriaId": "2E37F883-B939-4F6F-B20F-3ABB43BDBD1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b2020:*:*:*:*:*:*",
"matchCriteriaId": "20533E08-D4C3-42E5-8DE9-94F30710829A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b2023:*:*:*:*:*:*",
"matchCriteriaId": "A13F872F-C8F2-49D4-9A05-49AA8DE3994E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b2028:*:*:*:*:*:*",
"matchCriteriaId": "F03ADD91-7621-4314-A1DF-380CC51EBE0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b2032:*:*:*:*:*:*",
"matchCriteriaId": "5D164551-F37A-4F3E-9868-C5CC2578144E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b2047:*:*:*:*:*:*",
"matchCriteriaId": "807A8ECD-CC2A-4141-B060-0C6FA65040F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b2053:*:*:*:*:*:*",
"matchCriteriaId": "D38FF13A-B9DB-469A-B492-49379BC5B5A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en el archivo processPref.jsp en WiKID 2FA Enterprise Server versiones hasta 4.2.0-b2053, permite a un usuario autenticado ejecutar comandos SQL arbitrarios por medio del par\u00e1metro key del archivo processPref.jsp."
}
],
"id": "CVE-2019-17117",
"lastModified": "2024-11-21T04:31:43.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-17T18:15:12.690",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…