CVE-2020-12606: SQL injection in SGLAC

Vendor: DBSOFT
Vendor URL: http://www.dbsoft.es/es-es/productos/sglac.aspx
Versions affected: SGLAC <20.05.001
Discovered by: Pablo Martinez (@xassiz)
Public fix: Yes
Proof of Concept: No

Summary

The SGLAC web frontend (versions below 20.05.001) is prone to an unauthenticated SQL injection.

Details

The ProcedimientoGenerico method in the SVCManejador.svc webservice of the SGLAC web frontend allows an attacker to run arbitrary SQL commands on the SQL Server.
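The defect class described above, as an added example that is not SGLAC's code (the advisory does not publish the affected method's source): a hypothetical record lookup written two ways, using Python's built-in sqlite3 in-memory database as a stand-in for SQL Server. The table, column and function names (expedientes, buscar_inseguro, buscar_parametrizado) are invented for the illustration.

```python
import sqlite3


def _demo_connection() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the backend database; the
    real SGLAC schema is not known from the advisory and is not reproduced."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE expedientes (id INTEGER PRIMARY KEY, referencia TEXT, titular TEXT)"
    )
    conn.executemany(
        "INSERT INTO expedientes (referencia, titular) VALUES (?, ?)",
        [("EXP-0001", "Alice"), ("EXP-0002", "Bob"), ("EXP-0003", "Carol")],
    )
    return conn


def buscar_inseguro(referencia: str) -> int:
    """Hypothetical vulnerable pattern: caller input is concatenated into the
    statement text, so a quote character in the input changes the statement's
    structure. Returns the number of rows the query matched."""
    conn = _demo_connection()
    sql = "SELECT id FROM expedientes WHERE referencia = '" + referencia + "'"
    return len(conn.execute(sql).fetchall())


def buscar_parametrizado(referencia: str) -> int:
    """Hardened form: the value travels as a bound parameter and is compared
    literally, whatever characters it contains. Returns the matched row count."""
    conn = _demo_connection()
    sql = "SELECT id FROM expedientes WHERE referencia = ?"
    return len(conn.execute(sql, (referencia,)).fetchall())


if __name__ == "__main__":
    benign = "EXP-0002"
    tautology = "x' OR '1'='1"  # classic textbook input that alters the WHERE clause
    print(buscar_inseguro(benign), buscar_parametrizado(benign))        # 1 1
    print(buscar_inseguro(tautology), buscar_parametrizado(tautology))  # 3 0
```

The concatenating version returns every row for the tautology input because the input became part of the WHERE clause; the parameterized version returns none because no record has that literal reference. The same distinction applies to a generic "run this procedure" web method: the parameters it accepts must be bound, never spliced into T-SQL text.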

Impact

Operating-system command execution on the database host can be easily achieved by using the xp_cmdshell stored procedure.
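Detection for the impact described above, as an added example not taken from the advisory or the vendor: a small scanner over constructed, simplified audit-style lines (not real SQL Server or SGLAC output) that flags both the reconfiguration that switches xp_cmdshell on and any call to it. Statements injected through the web frontend execute under the application's own database login, so that login invoking xp_cmdshell is the signal worth alerting on. The log layout, the login name sglac_app and the function names are assumptions.

```python
import re
from typing import List, Tuple

# Constructed sample in a simplified "timestamp | login | statement" layout.
# A real deployment would feed the scanner statement text captured by
# SQL Server Audit or an Extended Events session.
SAMPLE_LOG = """\
2020-04-28T10:01:05 | sglac_app | SELECT id, referencia FROM expedientes WHERE id = 17
2020-04-28T10:01:10 | sglac_app | EXEC sp_configure 'xp_cmdshell', 1
2020-04-28T10:01:10 | sglac_app | RECONFIGURE
2020-04-28T10:01:12 | sglac_app | EXEC master..xp_cmdshell 'whoami'
2020-04-28T10:02:00 | sglac_app | UPDATE expedientes SET titular = 'Bob' WHERE id = 17
"""

# Two events to alert on: the procedure being enabled, and any call to it.
# Case-insensitive and tolerant of whitespace and a schema/database prefix.
ENABLE_RE = re.compile(r"sp_configure\s*'xp_cmdshell'\s*,\s*1", re.IGNORECASE)
EXEC_RE = re.compile(r"\bxp_cmdshell\b", re.IGNORECASE)


def scan_sql_log(text: str) -> List[Tuple[int, str, str]]:
    """Return (line number, category, login) for each suspicious statement.
    Category is 'enable' for a reconfigure of xp_cmdshell, 'exec' for a call."""
    alerts: List[Tuple[int, str, str]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        parts = [p.strip() for p in line.split("|", 2)]
        if len(parts) != 3:
            continue  # malformed line: skip it rather than crash the scanner
        _timestamp, login, statement = parts
        if ENABLE_RE.search(statement):
            alerts.append((lineno, "enable", login))
        elif EXEC_RE.search(statement):
            alerts.append((lineno, "exec", login))
    return alerts


def app_login_used_xp_cmdshell(alerts: List[Tuple[int, str, str]], app_login: str) -> bool:
    """True when the web application's own database login (hypothetical name
    passed by the caller) enabled or executed xp_cmdshell, the pattern a SQL
    injection through the frontend would produce."""
    return any(login == app_login for _line, _cat, login in alerts)


if __name__ == "__main__":
    for lineno, category, login in scan_sql_log(SAMPLE_LOG):
        print(f"line {lineno}: {category} by {login}")
    print(app_login_used_xp_cmdshell(scan_sql_log(SAMPLE_LOG), "sglac_app"))
```

Two configuration-side checks complement the log scan: xp_cmdshell is disabled by default on SQL Server and should stay that way, and the frontend's database login should not hold the server-level rights needed to reconfigure it, so that the "enable" step fails even if the injection succeeds.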

Recommendation

Update to a fixed version (>=20.05.001).

Timeline

  • 28/04/2020 - Vendor contact
  • 27/05/2020 - Release of fixed version