← Back

CVE-2019-17117

nvd nist
Published: Oct 17, 2019Modified: Jun 17, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter.

Affected (47)

Wikidsystems
1 product
2fa Enterprise Server
Configuration A
47 vulnerable
Vulnerable SoftwareAffected Versions
Wikidsystems
2fa Enterprise Server
Version 3.4.81 b676
2fa Enterprise Server
Version 3.4.85 b780
2fa Enterprise Server
Version 3.4.87 b1092
2fa Enterprise Server
Version 3.4.87 b1159
2fa Enterprise Server
Version 3.4.87 b1169
2fa Enterprise Server
Version 3.4.87 b1216
2fa Enterprise Server
Version 3.4.87 b824
2fa Enterprise Server
Version 3.4.87 b839
2fa Enterprise Server
Version 3.5.0 b1342
2fa Enterprise Server
Version 3.5.0 b1352
2fa Enterprise Server
Version 3.5.0 b1359
2fa Enterprise Server
Version 3.5.0 b1373
2fa Enterprise Server
Version 3.5.0 b1403
2fa Enterprise Server
Version 3.5.0 b1411
2fa Enterprise Server
Version 3.5.0 b1421
2fa Enterprise Server
Version 3.5.0 b1428
2fa Enterprise Server
Version 3.5.0 b1438
2fa Enterprise Server
Version 3.5.0 b1472
2fa Enterprise Server
Version 3.5.0 b1542
2fa Enterprise Server
Version 3.5.0 b1580
2fa Enterprise Server
Version 3.6.0 b1659
2fa Enterprise Server
Version 3.6.0 b1672
2fa Enterprise Server
Version 4.0.1 b1817
2fa Enterprise Server
Version 4.0.1 b1821
2fa Enterprise Server
Version 4.0.1 b1905
2fa Enterprise Server
Version 4.0.1 b1906
2fa Enterprise Server
Version 4.0.2 b1917
2fa Enterprise Server
Version 4.0.2 b1921
2fa Enterprise Server
Version 4.0 b1787
2fa Enterprise Server
Version 4.0 b1798
2fa Enterprise Server
Version 4.0 b1803
2fa Enterprise Server
Version 4.1.0 b1926
2fa Enterprise Server
Version 4.1.0 b1941
2fa Enterprise Server
Version 4.1.0 b1949
2fa Enterprise Server
Version 4.1.0 b1955
2fa Enterprise Server
Version 4.2.0 b1978
2fa Enterprise Server
Version 4.2.0 b1981
2fa Enterprise Server
Version 4.2.0 b1984
2fa Enterprise Server
Version 4.2.0 b2007
2fa Enterprise Server
Version 4.2.0 b2014
2fa Enterprise Server
Version 4.2.0 b2016
2fa Enterprise Server
Version 4.2.0 b2020
2fa Enterprise Server
Version 4.2.0 b2023
2fa Enterprise Server
Version 4.2.0 b2028
2fa Enterprise Server
Version 4.2.0 b2032
2fa Enterprise Server
Version 4.2.0 b2047
2fa Enterprise Server
Version 4.2.0 b2053

Related CWEs

CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

References (6)

Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
ExploitPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatchThird Party Advisory

Timeline

No history available yet.