Multiple SQL Injection Vulnerabilities in Advantech iView 5.6 and Prior Versions

Multiple SQL Injection Vulnerabilities in Advantech iView 5.6 and Prior Versions

CVE-2020-14497 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.