.. / CVE-2019-13462

Exploit for Lansweeper Unauthenticated SQL Injection (CVE-2019-13462)

Description:

Lansweeper before 7.1.117.4 allows unauthenticated SQL injection.

Nuclei Template

View the template here CVE-2019-13462.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-13462.yaml

References:

https://www.lansweeper.com/forum/yaf_topics33_Announcements.aspx
https://www.nccgroup.com/ae/our-research/technical-advisory-unauthenticated-sql-injection-in-lansweeper/
https://www.nccgroup.trust/uk/our-research/technical-advisory-unauthenticated-sql-injection-in-lansweeper/
https://nvd.nist.gov/vuln/detail/CVE-2019-13462