This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote host is running a web application that is affected by a SQL
The Advantech WebAccess web server running on the remote host is
affected by a SQL injection (SQLi) vulnerability in the WaExlViewer
web application due to a failure to properly sanitize user-supplied
input to the updateTemplate.aspx page. An authenticated, remote
attacker can exploit this, via a series of crafted HTTP requests, to
disclose passwords of administrative accounts used by Advantech
WebAccess. Note that an attacker can also exploit this vulnerability
without authentication by leveraging an existing authentication bypass
Nessus has exploited the authentication bypass vulnerability
(CVE-2017-5152) in order to exploit the SQLi vulnerability
Upgrade to Advantech WebAccess version 8.2-2016.11.21 or later.
Risk factor :
High / CVSS Base Score : 7.5