This script is Copyright (C) 2011-2012 Tenable Network Security, Inc.
The remote web server is prone to a SQL injection attack.
The remote web server is an embedded web server in a Samsung
Integrated Management System DMS (Data Management Server), an embedded
hardware device used to manage a large number of air conditioning
According to its self-reported version, the version of this web server
is earlier than 1.4.3. Such versions are reportedly affected by a SQL
injection vulnerability due to a failure of the software to sanitize
input to the username and password fields of the login page before
using it in a database query in the 'verifyUser()' method in the
An unauthenticated remote attacker can leverage this issue to
manipulate database queries and, for example, bypass authentication
and gain administrative access to the device.
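
The flaw class described above, shown as an added example that is not code from the plugin or from the DMS firmware: a login check that pastes the username and password fields into the SQL text, beside one that binds them as parameters. The table layout, function names, length limits and sample inputs are constructed assumptions, since the real 'verifyUser()' code is not shown here.

```python
import hmac
import sqlite3

def make_db():
    """Constructed in-memory user table; the real DMS schema is not known."""
    db = sqlite3.connect(":memory:")
    # Plaintext storage keeps the focus on query construction; a real
    # system stores a salted KDF hash instead.
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-pass')")
    return db

def verify_user_concat(db, username, password):
    """Flawed pattern: the form fields become part of the SQL text."""
    query = ("SELECT 1 FROM users WHERE name = '" + username +
             "' AND password = '" + password + "'")
    try:
        return db.execute(query).fetchone() is not None
    except sqlite3.Error:
        return False  # input containing a quote broke the statement

def verify_user_param(db, username, password):
    """Hardened pattern: values are bound parameters, never parsed as SQL."""
    if not (0 < len(username) <= 64 and len(password) <= 128):
        return False  # length limits are illustrative assumptions
    row = db.execute("SELECT password FROM users WHERE name = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    # Constant-time comparison of the stored and supplied values.
    return hmac.compare_digest(row[0].encode(), password.encode())

def compare(username, password):
    """Return (concatenated result, parameterized result) on a fresh table."""
    db = make_db()
    return (verify_user_concat(db, username, password),
            verify_user_param(db, username, password))

if __name__ == "__main__":
    # Constructed inputs: valid login, wrong password, and a username
    # carrying SQL metacharacters with a wrong password.
    for user, pw in [("admin", "constructed-pass"), ("admin", "wrong"),
                     ("admin' --", "wrong"), ("o'brien", "x")]:
        print(repr(user), compare(user, pw))
```

Only the concatenated version accepts the third input, because the quote and comment marker in the username change the statement itself; with bound parameters the same string is just a name that matches no row.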
See also :
Upgrade DMS to 1.4.3 or later.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true