Netreo OmniCenter through 12.1.1 allows unauthenticated SQL Injection (Boolean Based Blind) in the redirect parameters and parameter name of the login page through a GET request. The injection allows an attacker to read sensitive information from the database used by the application.

Published: 2019-10-09 16:15; Updated: 2019-10-11 19:48

CVSS Score: 5.0 / 10
| Vendor | Product | Version | URI |
|---|---|---|---|
| Netreo | Omnicenter | 12.1.1 | cpe:/a:netreo:omnicenter:12.1.1 |


| ID | Name | Description |
|---|---|---|
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. |

History of changes

Date Event
2019-10-11 19:48
2019-10-09 16:21