|CVSS SCORE||7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)|
The specific flaw exists in the handling of summary_opt report requests. The vulnerability is caused by the lack of input validation before using remotely supplied strings to construct SQL queries. By sending a specially crafted request to a vulnerable system, an unauthenticated remote attacker can exploit this vulnerability to execute arbitrary code in the context of the process.
|CREDIT||Brian Gorenc -Trend Micro Zero Day Initiative