What is CVE-2014-0763?

CVE-2014-0763 is a vulnerability in Advantech Advantech_webaccess, classified under SQL Injection. Published 2014-04-12.

Is CVE-2014-0763 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Advantech Advantech_webaccess

CVE-2014-0763

An attacker using SQL injection may use arguments to construct queries without proper sanitization. The DBVisitor.dll is exposed through SOAP interfaces, and the exposed functions are vulnerable to SOAP injection. This may allow unexpec…

Vulnerability class: SQL Injection

EPSS: 0.579 (98.2th percentile) — read the EPSS interpretation.

Affected products

Advantech Advantech_webaccess — versions 5.0, 6.0, 7.0
Advantech Webaccess — versions 7.2, 0

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

ics-cert@hq.dhs.gov
66740 (vdb-entry, x_refsource_BID)
ics-cert@hq.dhs.gov
af854a3a-2127-422b-91ae-364da2661108 (US Government Resource)

Frequently asked questions

What is CVE-2014-0763?: CVE-2014-0763 is a vulnerability in Advantech Advantech_webaccess, classified under SQL Injection. Published 2014-04-12.
Is CVE-2014-0763 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.