CVE-2019-13078
HIGHQuest KACE Systems Management Appliance 9.1.317 - Authenticated SQL Injection via sort_column Parameter
Title source: llmDescription
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /common/user_profile.php. The affected parameter is sort_column.
References (2)
Core 2
Core References
Product x_refsource_misc
https://www.quest.com/products/kace-systems-management-appliance/
Vendor Advisory x_refsource_misc
https://support.quest.com/kb/311388/quest-response-to-certezza-vulnerability-report
Scores
CVSS v3
8.8
EPSS
0.0123
EPSS Percentile
65.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
quest/kace_systems_management_appliance
9.1.317
Published
Nov 06, 2019
Tracked Since
Feb 18, 2026