Unrated severityNVD Advisory· Published Jan 26, 2014· Updated Apr 29, 2026

CVE-2014-1671

Description

Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 and possibly earlier allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the macAddress element in a (1) getUploadPath or (2) getKBot SOAP request to service/kbot_service.php; the ID parameter to (3) userui/advisory_detail.php or (4) userui/ticket.php; and the (5) ORDER[] parameter to userui/ticket_list.php.

Affected products

Dell/Kace K1000 Systems Management Appliance Software
cpe:2.3:a:dell:kace_k1000_systems_management_appliance_software:5.4.76847:*:*:*:*:*:*:*
Dell/Kace K1000 Systems Management Virtual Appliance
cpe:2.3:a:dell:kace_k1000_systems_management_virtual_appliance:-:*:*:*:*:*:*:*
Dell/Kace K1000 Systems Management Appliance
cpe:2.3:h:dell:kace_k1000_systems_management_appliance:-:*:*:*:*:*:*:*
Dell/Kace K1100s Systems Management Appliance
cpe:2.3:h:dell:kace_k1100s_systems_management_appliance:-:*:*:*:*:*:*:*
Dell/Kace K1200s Systems Management Appliance
cpe:2.3:h:dell:kace_k1200s_systems_management_appliance:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000