CVE-2019-13076
HIGHQuest KACE Systems Management Appliance 9.1.317 - Authenticated SQL Injection via order Parameters
Title source: llmDescription
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /userui/ticket_list.php, and affected parameters are order[0][column] and order[0][dir].
References (2)
Core 2
Core References
Product x_refsource_misc
https://www.quest.com/products/kace-systems-management-appliance/
Vendor Advisory x_refsource_misc
https://support.quest.com/kb/311388/quest-response-to-certezza-vulnerability-report
Scores
CVSS v3
8.8
EPSS
0.0123
EPSS Percentile
65.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
quest/kace_systems_management_appliance
9.1.317
Published
Nov 06, 2019
Tracked Since
Feb 18, 2026