CVE-2019-5996

SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

Published : 2019-09-12 17:15 Updated : 2019-09-13 12:14

6.5
CVSS Score More info
Score 6.5 / 10
6.5
Vendor Product Version URI
Panasonic Video Insight Vms 7.3.2.5 cpe:/a:panasonic:video_insight_vms:7.3.2.5
  1. Panasonic (1) Search CVE
    1. Video Insight Vms (1) Search CVE
      1. 7.3.2.5

CWE

ID Name Description Links
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. CVE

Reference

History of changes

Date Event
2019-09-13 12:14
2019-09-12 17:19

New CVE