Vulnerability Details CVE-2019-1000023
OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) version v3.6-2 and earlier versions contains a SQL Injection vulnerability in Identified vulnerable parameters: id, id_access_type and id_attr_access that can result in a malicious attacker can include own SQL commands which database will execute. This attack appears to be exploitable via network connectivity.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://inf0seq.github.io/cve/2019/01/20/SQL-Injection-in-OPTOSS-Next-Gen-Network-Management-System-%28NG-NetMS%29.html
- https://sourceforge.net/projects/ngnms/
- https://www.owasp.org/index.php/SQL_Injection
- https://inf0seq.github.io/cve/2019/01/20/SQL-Injection-in-OPTOSS-Next-Gen-Network-Management-System-%28NG-NetMS%29.html
- https://sourceforge.net/projects/ngnms/
- https://www.owasp.org/index.php/SQL_Injection