CVE-2019-13079

HIGH

Quest KACE Systems Management Appliance 9.1.317 - Authenticated SQL Injection via TYPE_NAME Parameter

Title source: llm
STIX 2.1

Description

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /adminui/history_log.php. The affected parameter is TYPE_NAME.

References (2)

Core 2

Scores

CVSS v3 8.8
EPSS 0.0123
EPSS Percentile 65.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
quest/kace_systems_management_appliance 9.1.317
Published Nov 06, 2019
Tracked Since Feb 18, 2026