RXTEC RXAdmin SQL Injection

2015.11.26
Credit: Thomas Konrad
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2015-8298
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

### RXTEC_20150513 #### Title: SQL injection vulnerability in the RXTEC RXAdmin Login Page allows remote attackers to execute arbitrary SQL commands via several HTTP parameter. #### Type of vulnerability: SQL injection ##### Attack outcome: It is possible to extract all information from the database in use by the application. Depending on the configuration of the SQL server arbitrary code execution might be possible. #### Impact: Critical #### Software/Product name: RXTEC RXAdmin Login #### Affected versions: UPDATE : 06 / 2012 #### Fixed in version: *unknown* #### Vendor: RXTEC (www.rxtec.net) #### CVE number: CVE-2015-8298 #### Timeline * `2015-04-30` identification of vulnerability * `2015-05-11` vendor contact (won't fix because of outdated version) * `2015-07-14` contact cve-request@mitre. #### Credits: Thomas Konrad `tkonrad@sba-research.org` (SBA Research) #### Description: The following parameters are affectey by the vulnerability: * /index.htm (loginpassword parameter) * /index.htm (loginusername parameter) * /index.htm (zustzlicher parameter) * /index.htm (zustzlicher parameter) * /index.htm (rxtec cookie) * /index.htm (groupid parameter) #### Proof-of-concept: *none*


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top