CVE-2019-10123
CVE-2019-10123
Vexday Risk Score
50Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 65.8%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
27 Mar 2019Metasploit module available
30 Apr 2019Public PoC
31 May 2019Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which is the backend for the AIS logistics mobile app) allows an anonymous attacker to execute arbitrary code in the context of the user of the MSSQL database. The default user for the database is the 'sa' user.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/46782unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.