SQL Injection in Bigantsoft Bigant_im_message_server

CVE-2012-6273

SQL injection vulnerability in BigAntSoft BigAnt IM Message Server allows remote attackers to execute arbitrary SQL commands via an SHU (aka search user) request.

Vulnerability class: SQL Injection

EPSS: 0.004 (59.4th percentile) — read the EPSS interpretation.

Affected products

Bigantsoft Bigant_im_message_server
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

VU#990652 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)