CVE-2019-17503

CVE-2019-17503 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Ramikan. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates an HTML injection and reflected XSS vulnerability (CVE-2019-17504) via the 'password' parameter in Kirona DRS 5.5.3.5, as well as an unauthenticated sensitive data disclosure (CVE-2019-17503) through accessible batch files containing SQL queries.

An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd) directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database information such as database version, table name, column name, etc.