Advantech iView SQL Injection Vulnerability Allowing Information Disclosure or Denial-of-Service

Vulnerability

A SQL injection vulnerability has been identified in Advantech iView, specifically in versions prior to 5.7.05 build 7057. This vulnerability arises from improper input validation in the CUtils.checkSQLInjection() function, allowing authenticated attackers with user-level privileges to manipulate SQL queries. Exploitation of this vulnerability could lead to unauthorized information disclosure or a denial-of-service condition.

Impact

Exploitation of this vulnerability could result in SQL injection, allowing attackers to interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or the application becoming unresponsive.

Remediation

Users are advised to update to Advantech iView version 5.7.05 build 7057.
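
For triaging an asset inventory against the fixed release named above, the following is an added example (not part of the original advisory and not Advantech code). It assumes version strings shaped like the advisory's own wording, "<major>.<minor>.<patch> build <n>"; the host names and inventory lines are constructed.

```python
import re

# Fixed release named in the advisory: 5.7.05 build 7057.
FIXED_VERSION = (5, 7, 5)
FIXED_BUILD = 7057

# Assumed version-string shape, modelled on the advisory's wording:
# "<major>.<minor>.<patch>", optionally followed by "build <n>".
_VERSION_RE = re.compile(
    r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:\s+build\s+(\d+))?\s*$", re.IGNORECASE
)


def classify(version_string):
    """Return 'vulnerable', 'patched' or 'unknown' for one version string."""
    m = _VERSION_RE.match(version_string)
    if m is None:
        return "unknown"  # unparseable: needs manual review
    version = tuple(int(part) for part in m.group(1, 2, 3))
    if version != FIXED_VERSION:
        # The dotted version alone decides; the build number is irrelevant.
        return "vulnerable" if version < FIXED_VERSION else "patched"
    if m.group(4) is None:
        # 5.7.05 without a build number cannot be decided either way.
        return "unknown"
    return "vulnerable" if int(m.group(4)) < FIXED_BUILD else "patched"


def triage(inventory):
    """Map host -> status for an iterable of (host, version_string) pairs."""
    return {host: classify(version) for host, version in inventory}


# Constructed inventory for illustration only.
SAMPLE_INVENTORY = [
    ("nms-01", "5.7.05 build 7057"),  # the fixed release itself
    ("nms-02", "5.7.05 build 7001"),  # same version, earlier build
    ("nms-03", "5.7.04 build 7100"),  # earlier version, build ignored
    ("nms-04", "5.7.05"),             # build missing
    ("nms-05", "5.8.00 build 1"),     # hypothetical later release
    ("nms-06", "n/a"),                # unparseable entry
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be checked by hand rather than assumed patched.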

Added: Jul 11, 2025, 12:24 AM
Updated: Jul 11, 2025, 12:24 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 3.3
remediation: 7.9
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.