Multiple Authenticated SQL Injection Vulnerabilities in UISP Application

Summary

Multiple authenticated SQL injection vulnerabilities were discovered in UISP Application version 2.4.206 and earlier. These vulnerabilities allow a malicious user with low privileges to escalate privileges and potentially execute unauthorized queries, leading to full system compromise.

Impact

Successful exploitation may allow attackers to: Escalate privileges to admin level Read/write sensitive database content Disrupt application availability

Affected Products

CVSS Metrics

CWE Information