CVE-2020-14497

Summary

Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code.

Affected Software

VendorProductVersion RangeStatus
n/aAdvantech iViewVersions 5.6 and prioraffected

Weaknesses

  • CWE-89: IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89

ADP Enrichment

CVE Program Container

Additional References

References