CVE-2017-7952

HIGH

INFOR EAM V11.0 Build 201410 - SQL Injection via Search Filter Value Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-7952. PoCs published by Yoroi.

AI-analyzed exploit summary: This writeup describes a SQL injection vulnerability in INFOR EAM V11.0 Build 201410, where the 'filtervalue' parameter in search fields is vulnerable when 'filteroperator' is set to 'IN'. It allows authenticated attackers to execute arbitrary SQL queries, potentially leading to full database access.

Description

INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter.

Exploits (1)

exploitdb WRITEUP
by Yoroi · text · webapps · xml
https://www.exploit-db.com/exploits/42028

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: INFOR EAM V11.0 Build 201410
Auth required
Prerequisites: Valid credentials for INFOR EAM · Access to a search or filter field
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2017/May/55
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42028/

Scores

CVSS v3 8.8
EPSS 0.0144
EPSS Percentile 69.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-89
Status: published
Products (1)
infor/enterprise_asset_management 11.0_build_201410
Published May 16, 2017
Tracked Since Feb 18, 2026