CVE-2018-9245

CRITICAL

Ericssonlg Ipecs Nms - SQL Injection

Title source: rule

Description

The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulnerability in the User ID and password fields that allows users to bypass the login page and execute remote code on the operating system.

Exploits (1)

exploitdb WORKING POC

by Berk Cem Göksel · pythonwebappsphp

https://www.exploit-db.com/exploits/44515

View Code ZIP pw:eip

References (2)

[Third Party Advisory] https://gist.github.com/berkgoksel/99ba5c1f3f9f6e4e33e7ad966c007693

[Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/44515/

Scores

CVSS v3 9.8

EPSS 0.1250

EPSS Percentile 94.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

ericssonlg/ipecs_nms a.1ac

Published Apr 22, 2018

Tracked Since Feb 18, 2026