VYPR
High severity · 8.8 · NVD Advisory · Published Oct 27, 2025 · Updated Apr 15, 2026

CVE-2023-49440

Description

AhnLab EPP 1.0.15 is vulnerable to SQL Injection via the "preview" parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

AhnLab EPP Management 1.0.15 is vulnerable to Boolean-based SQL injection via the preview parameter, allowing database compromise and potential RCE.

Vulnerability

A Boolean-based and time-based SQL injection vulnerability exists in AhnLab EPP Management version 1.0.15. The flaw is present in the preview parameter of the web admin interface, specifically in the endpoint /api/console/ems/query/report/preview. The application fails to properly sanitize user input, allowing an attacker to inject SQL commands.[1]

Exploitation

To exploit this vulnerability, an attacker must have network access to the management console and a valid bearer token for authentication. The injection can be performed via a POST request with crafted JSON payloads. The attacker can use Boolean-based or time-based techniques to extract data from the backend database.[1]

Impact

Successful exploitation results in full compromise of the backend database with administrative privileges. This can lead to limited remote code execution (RCE) on the server, potentially allowing the attacker to gain further control over the enterprise endpoint management system.[1]

Mitigation

The vendor has patched this vulnerability in all versions released after v1.0.15 in 2023. Users are strongly advised to upgrade to the latest version to protect against this vulnerability.[1]
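
A defender-side check for the access pattern described under Exploitation, as an added example that is not part of the advisory or of AhnLab's code: it flags clients whose POSTs to the preview endpoint arrive in bursts, return only two response sizes, or are repeatedly slow. The record fields, thresholds and sample data are constructed assumptions, not an AhnLab log format.

```python
from collections import defaultdict
from statistics import median

PREVIEW_PATH = "/api/console/ems/query/report/preview"  # endpoint named in the advisory

def build_sample():
    """Constructed records; field names are assumptions, not a vendor log format."""
    recs = [{"ts": 1000 * i, "client": "admin-a", "method": "POST",
             "path": PREVIEW_PATH, "bytes": 4000 + 700 * i, "ms": 120} for i in range(3)]
    for i in range(30):  # one client, one request per second
        recs.append({"ts": 5000 + i, "client": "token-x", "method": "POST",
                     "path": PREVIEW_PATH, "bytes": 812 if i % 2 else 64,
                     "ms": 5100 if i % 3 == 0 else 130})
    # Placeholder path, ignored by the check because it is not the preview endpoint.
    recs.append({"ts": 5005, "client": "admin-a", "method": "GET",
                 "path": "/placeholder", "bytes": 10, "ms": 9000})
    return recs

def max_in_window(timestamps, window_s):
    """Largest number of events inside any window of window_s seconds."""
    ts, best, lo = sorted(timestamps), 0, 0
    for hi in range(len(ts)):
        while ts[hi] - ts[lo] >= window_s:
            lo += 1
        best = max(best, hi - lo + 1)
    return best

def flag_clients(records, burst=20, window_s=60, slow_factor=5.0, min_slow=3):
    """Map client id -> reasons its preview-endpoint traffic looks like blind SQLi probing."""
    hits = [r for r in records if r["method"] == "POST" and r["path"] == PREVIEW_PATH]
    if not hits:
        return {}
    slow_ms = slow_factor * median(r["ms"] for r in hits)  # baseline across all clients
    by_client = defaultdict(list)
    for r in hits:
        by_client[r["client"]].append(r)
    findings = {}
    for client, rs in by_client.items():
        reasons = []
        bursty = max_in_window([r["ts"] for r in rs], window_s) >= burst
        if bursty:
            reasons.append("burst")
        if bursty and len({r["bytes"] for r in rs}) <= 2:
            reasons.append("two-valued responses")  # consistent with Boolean-based probing
        if sum(r["ms"] >= slow_ms for r in rs) >= min_slow:
            reasons.append("repeated slow responses")  # consistent with time-based probing
        if reasons:
            findings[client] = reasons
    return findings

if __name__ == "__main__":
    print(flag_clients(build_sample()))
```

Tune the thresholds against the console's normal report-preview traffic before alerting on them.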

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches

0

No patches discovered yet.

References

1
