SQL Injection Vulnerability in OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) v3.6-2 and Earlier Versions

SQL Injection Vulnerability in OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) v3.6-2 and Earlier Versions

CVE-2019-1000023 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) version v3.6-2 and earlier versions contains a SQL Injection vulnerability in Identified vulnerable parameters: id, id_access_type and id_attr_access that can result in a malicious attacker can include own SQL commands which database will execute. This attack appears to be exploitable via network connectivity.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.