Integraxor
CVE-2016-8341
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's database could be subject to read, write, and delete commands.
AnalysisAI
An issue was discovered in Ecava IntegraXor Version 5.0.413.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's database could be subject to read, write, and delete commands. Affected products include: Ecava Integraxor. Version information: Version 5.0.413.0..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.
More in Integraxor
View allMultiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier
A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. Rated critical severity (CVSS 9.
Directory traversal vulnerability in an unspecified ActiveX control in Ecava IntegraXor before 3.71.4200 allows remote a
Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a d
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read
The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via
Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via S
The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext infor
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL c
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier a
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbit
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today