CVE-2016-8025

SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter.

Published: Mar 14, 2017
Updated: Apr 13, 2023
CVE: CVE-2016-8025
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.2
AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L

CVSS v2:

Severity: Medium
Score: 6
AV:N/AC:M/Au:S/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
mcafee / virusscan_enterprise	-	2.0.3.x

http://www.securityfocus.com/bid/94823
http://www.securitytracker.com/id/1037433
https://kc.mcafee.com/corporate/index?page=content&id=SB10181
https://www.exploit-db.com/exploits/40911/

Vulnerability Database

289,697

CVE-2016-8025