CVE-2015-1605 – Dell ScriptLogic Asset Manager GetProcessedPackage SQL Injection Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2015-1605

20 Feb 2015 — Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset Manager (aka Quest Workspace Asset Manager) before 9.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) GetClientPackage.aspx or (2) GetProcessedPackage.aspx. Múltiples vulnerabilidades de inyección SQL en Dell ScriptLogic Asset Manager (también conocido como Quest Workspace Asset Manager) anterior a 9.5 permiten a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados e... • http://www.securityfocus.com/bid/72697 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •