Improper Neutralization of Special Elements in Data Query Logic

CVE-2018-7829

High

8.8/10

Summary

An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary system commands.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The application generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.

References

Advisory Timeline

Published May 22, 2019

Improper Neutralization of Special Elements in Data Query Logic

CVE-2018-7829

Summary

CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS