漏洞描述
Esri ArcGIS Insights Desktop是美国环境系统研究所(Esri)公司的一个数据分析工作台。 Esri ArcGIS Insights Desktop 2022.1(Windows、Mac)版本存在SQL注入漏洞,该漏洞源于允许本地授权攻击者针对后端数据库执行任意 SQL 命令。
Esri ArcGIS Insights Desktop SQL注入漏洞
PoC代码
暂无相关漏洞推荐
- Docker Desktop Engine API 未授权访问漏洞
- 新华通软件云平台 /Main/Desktop/Default.aspx 权限绕过漏洞
- POC CVE-2018-13980: Zeta Producer Desktop CMS <14.2.1 - Local File Inclusion
- POC CVE-2018-19439: Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting
- POC CVE-2020-10189: ManageEngine Desktop Central Java Deserialization
- POC CVE-2021-44515: Zoho ManageEngine Desktop Central - Remote Code Execution
- POC CVE-2023-2479: Appium Desktop Server - Remote Code Execution
- POC CVE-2024-0250: Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect
- POC rds-insights-disabled: RDS Performance Insights - Disabled
- POC azure-appservice-insights-not-enabled: Azure App Service Application Insights Not Enabled
- POC azure-functionapp-appinsights-missing: Application Insights Integration for Azure Function Apps
- POC hongfan-iodesktopdata-sqli: 红帆iOffice ioDesktopData.asmx接口SQL注入
- POC rdp-connections-without-password-allowed: Remote Desktop Connections Allowed Without Password