CVE-2019-15016 Information

Description

An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://security.paloaltonetworks.com/CVE-2019-15016

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8