SQL injection vulnerability in Data Loss Protection (DLP)...
High severity
Unreviewed
Published
Jan 25, 2022
to the GitHub Advisory Database
•
Updated Nov 24, 2023
Description
Published by the National Vulnerability Database
Jan 24, 2022
Published to the GitHub Advisory Database
Jan 25, 2022
Last updated
Nov 24, 2023
SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server with privilege escalation.
References