CVE-2013-3578

Wave EMBASSY Remote Admin Server Help Desk SQLi & OS Command Execution via Search

Title source: llm

Description

SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote authenticated users to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter (aka the search field), leading to execution of operating-system commands.

References (1)

Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/217836

Scores

EPSS 0.0246
EPSS Percentile 82.5%

Details

CWE CWE-78, CWE-89
Status published
Products (2)
wave/embassy_remote_administration_server
wave/embassy_remote_administration_server_help_desk
Published Jul 15, 2013
Tracked Since Feb 18, 2026