CVE-2013-3578
Wave EMBASSY Remote Admin Server Help Desk SQLi & OS Command Execution via Search
SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote authenticated users to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter (aka the search field), leading to execution of operating-system commands.
References (1)
Core References
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/217836
Scores
EPSS: 0.0246
EPSS Percentile: 82.5%
Details
CWE: CWE-78, CWE-89
Status: published
Products (2)
wave/embassy_remote_administration_server
wave/embassy_remote_administration_server_help_desk
Published: Jul 15, 2013
Tracked Since: Feb 18, 2026