Advantech WebAccess ICSA-18-135-01 Multiple Security Vulnerabilities

Advantech WebAccess is prone to the following security vulnerabilities:

1. Multiple SQL-injection vulnerabilities
2. An information-disclosure vulnerability
3. A file-upload vulnerability
4. Multiple directory-traversal vulnerabilities
5. Multiple stack-based buffer-overflow vulnerabilities
6. A heap-based buffer-overflow vulnerability
7. Multiple arbitrary code-execution vulnerabilities
8. A denial-of-service vulnerability
9. A security-bypass vulnerability
10. A privilege-escalation vulnerability

An attacker can exploit these issues to execute arbitrary code in the context of the application, modify data, exploit latent vulnerabilities in the underlying database, delete arbitrary files, gain elevated privileges, perform certain unauthorized actions, upload arbitrary files to the affected application, gain unauthorized access, and obtain sensitive information. Failed attacks will cause denial-of-service conditions.

Versions prior to Advantech WebAccess 8.3.1 are vulnerable.


