CVE-2019-13076

HIGH

Quest KACE Systems Management Appliance 9.1.317 - Authenticated SQL Injection via order Parameters

Title source: llm
STIX 2.1

Description

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /userui/ticket_list.php, and affected parameters are order[0][column] and order[0][dir].

References (2)

Core 2

Scores

CVSS v3 8.8
EPSS 0.0123
EPSS Percentile 65.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
quest/kace_systems_management_appliance 9.1.317
Published Nov 06, 2019
Tracked Since Feb 18, 2026