Advantech WebAccess SQLi
High Nessus Plugin ID 96876
SynopsisThe remote host is running a web application that is affected by a SQL injection vulnerability.
DescriptionThe Advantech WebAccess web server running on the remote host is affected by a SQL injection (SQLi) vulnerability in the WaExlViewer web application due to a failure to properly sanitize user-supplied input to the updateTemplate.aspx page. An authenticated, remote attacker can exploit this, via a series of crafted HTTP requests, to disclose passwords of administrative accounts used by Advantech WebAccess. Note that an attacker can also exploit this vulnerability without authentication by leveraging an existing authentication bypass vulnerability (CVE-2017-5152).
Nessus has exploited the authentication bypass vulnerability (CVE-2017-5152) in order to exploit the SQLi vulnerability (CVE-2017-5154).
SolutionUpgrade to Advantech WebAccess version 8.2-2016.11.21 or later.