CVE-2013-4882

McAfee ePolicy Orchestrator <4.6.6 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-4882.

AI-analyzed exploit summary This document details multiple post-authentication vulnerabilities in McAfee ePO 4.6.6, including SQL injection and reflected XSS. It provides specific HTTP request examples demonstrating the vulnerabilities but does not include functional exploit code.

Description

Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1) core/showRegisteredTypeDetails.do and (2) EPOAGENTMETA/DisplayMSAPropsDetail.do, a different vulnerability than CVE-2013-0140.

Exploits (1)

exploitdb WRITEUP

webappswindows

https://www.exploit-db.com/exploits/26807

View Code ZIP pw:eip

This document details multiple post-authentication vulnerabilities in McAfee ePO 4.6.6, including SQL injection and reflected XSS. It provides specific HTTP request examples demonstrating the vulnerabilities but does not include functional exploit code.

Classification

Writeup 95%

Attack Type

Sqli | Xss

Complexity

Moderate

Reliability

Reliable

Target: McAfee ePO 4.6.6 Build 176

Auth required

Prerequisites: Valid authentication token for McAfee ePO · Access to vulnerable endpoints

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory x_refsource_confirm

https://kc.mcafee.com/corporate/index?page=content&id=SB10043

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/527228

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1028803

Scores

EPSS 0.0400

EPSS Percentile 89.2%

Details

CWE

CWE-89

Status published

Products (9)

mcafee/epolicy_orchestrator 4.6.0

mcafee/epolicy_orchestrator 4.6.1

mcafee/epolicy_orchestrator 4.6.2

mcafee/epolicy_orchestrator 4.6.3

mcafee/epolicy_orchestrator 4.6.4

mcafee/epolicy_orchestrator 4.6.5

mcafee/epolicy_orchestrator < 4.6.6

mcafee/epolicy_orchestrator_agent 4.5

mcafee/epolicy_orchestrator_agent 4.6

Published Jul 22, 2013

Tracked Since Feb 18, 2026