header-logo
Suggest Exploit
vendor:
TR-069 ACS
by:
8.1
CVSS
HIGH
SQL Injection
89
CWE
Product Name: TR-069 ACS
Affected Version From: TR-069 ACS 2.8.9
Affected Version To: TR-069 ACS (unknown)
Patch Exists: NO
Related CWE:
CPE: friendly_technologies:tr-069_acs
Metasploit:
Other Scripts:
Platforms Tested:

Friendly Technologies TR-069 ACS SQL Injection Vulnerability

The Friendly Technologies TR-069 ACS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, gain administrator access, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

To mitigate this vulnerability, ensure that all user-supplied input is properly validated and sanitized before using it in SQL queries.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/38634/info

Friendly Technologies TR-069 ACS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, gain administrator access, access or modify data, or exploit latent vulnerabilities in the underlying database.

Friendly Technologies TR-069 ACS 2.8.9 is vulnerable; other versions may also be affected.

The following example data is available:

Username: ' or 1=1--
Password: ' or 1=1--

Navigation

Suggest Exploit

Services By CQR