CVE-2017-15329

Published: Feb 15, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

Huawei UMA V200R001C00 has a SQL injection vulnerability in the operation and maintenance module. An attacker logs in to the system as a common user and sends crafted HTTP requests that contain malicious SQL statements to the affected system. Due to a lack of input validation on HTTP requests that contain user-supplied input, successful exploitation may allow the attacker to execute arbitrary SQL queries.

Vendor	Product	Versions
Huawei Technologies Co., Ltd.	UMA	affected `V200R001C00`

References

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171116-01-uma-en

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-15329

Description

Affected Products

References