CVE-2014-2587

McAfee Asset Manager 6.6 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-2587. PoCs published by Brandon Perry.

AI-analyzed exploit summary The document describes multiple vulnerabilities in McAfee Asset Manager v6.6, including an authenticated arbitrary file read via directory traversal and an authenticated SQL injection via the 'user' parameter in the audit report functionality. It provides technical details and example HTTP requests for exploitation.

Description

SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter).

Exploits (1)

exploitdb WRITEUP

by Brandon Perry · textwebappsjsp

https://www.exploit-db.com/exploits/32368

View Code ZIP pw:eip

The document describes multiple vulnerabilities in McAfee Asset Manager v6.6, including an authenticated arbitrary file read via directory traversal and an authenticated SQL injection via the 'user' parameter in the audit report functionality. It provides technical details and example HTTP requests for exploitation.

Classification

Writeup 90%

Attack Type

Sqli | Info Leak

Complexity

Moderate

Reliability

Reliable

Target: McAfee Asset Manager v6.6

Auth required

Prerequisites: Authenticated access to the McAfee Asset Manager web interface

MITRE ATT&CK