{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T13:13:08.124","vulnerabilities":[{"cve":{"id":"CVE-2019-17117","sourceIdentifier":"cve@mitre.org","published":"2019-10-17T18:15:12.690","lastModified":"2024-11-21T04:31:43.620","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter."},{"lang":"es","value":"Una vulnerabilidad de inyección SQL en el archivo processPref.jsp en WiKID 2FA Enterprise Server versiones hasta 4.2.0-b2053, permite a un usuario autenticado ejecutar comandos SQL arbitrarios por medio del parámetro key del archivo processPref.jsp."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.81:b676:*:*:*:*:*:*","matchCriteriaId":"4753C348-0E95-42C1-9046-A6F0A925BFA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.85:b780:*:*:*:*:*:*","matchCriteriaId":"742AF05F-BDFC-4B5D-B7C2-16EBB12423EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.87:b1092:*:*:*:*:*:*","matchCriteriaId":"0A8A4B86-C166-41BF-91F8-3A0E5935DFE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.87:b1159:*:*:*:*:*:*","matchCriteriaId":"5F0AD527-F28E-4D31-B3E4-164E50C7AE57"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.87:b1169:*:*:*:*:*:*","matchCriteriaId":"3700CDE8-3E6F-45BB-ABAF-F39F47421114"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.87:b1216:*:*:*:*:*:*","matchCriteriaId":"9895837A-1172-4033-A431-77F959E742AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.87:b824:*:*:*:*:*:*","matchCriteriaId":"EF2A28EA-E801-4E48-9C7C-7F2338D601B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.87:b839:*:*:*:*:*:*","matchCriteriaId":"B6061A10-388F-43F1-A60B-E05BFB8D9ADB"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1342:*:*:*:*:*:*","matchCriteriaId":"1639C27B-E99D-4E4C-8359-BF1DAA540077"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1352:*:*:*:*:*:*","matchCriteriaId":"D35F177D-13EB-4BF8-85D6-96D311A1F393"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1359:*:*:*:*:*:*","matchCriteriaId":"80491F52-2BB1-4CA6-B029-773D7648D618"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1373:*:*:*:*:*:*","matchCriteriaId":"A640A1D2-F902-48CD-A5CF-431254B9A4B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1403:*:*:*:*:*:*","matchCriteriaId":"3E9584C7-368F-40CB-9424-3C7D3206A9EE"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1411:*:*:*:*:*:*","matchCriteriaId":"203D7585-27A1-4F82-89ED-2B7B266C18D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1421:*:*:*:*:*:*","matchCriteriaId":"5F9CAFF9-F38C-4598-BE10-C9B4BDCEFB20"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1428:*:*:*:*:*:*","matchCriteriaId":"BC4359FB-27A1-445D-9C6D-F179E67A59E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1438:*:*:*:*:*:*","matchCriteriaId":"DC403DA6-072D-4DC2-9EB0-2CE79BF581AB"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1472:*:*:*:*:*:*","matchCriteriaId":"38944F12-D0AD-460D-8057-9DE11B0FD511"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1542:*:*:*:*:*:*","matchCriteriaId":"FB04F7A6-77BD-4810-83E4-6F82EA0EFB62"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1580:*:*:*:*:*:*","matchCriteriaId":"C4F8E828-9BCE-4E5D-95F2-A3636D6158F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.6.0:b1659:*:*:*:*:*:*","matchCriteriaId":"5674FE03-7B90-4F49-B7F9-A8ADBF25FC00"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.6.0:b1672:*:*:*:*:*:*","matchCriteriaId":"284197BB-7B78-425B-8410-5C3717749B5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.0:b1787:*:*:*:*:*:*","matchCriteriaId":"7A74FCAD-E081-4FF1-B49D-A542197A25FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.0:b1798:*:*:*:*:*:*","matchCriteriaId":"CE459BA2-3B76-4A4E-BEAD-10B21EB6D5F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.0:b1803:*:*:*:*:*:*","matchCriteriaId":"7E6CF12D-F364-42EC-94F4-D168B9B7AE34"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.0.1:b1817:*:*:*:*:*:*","matchCriteriaId":"51FBB683-6236-4AF4-8BC9-45E445B05065"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.0.1:b1821:*:*:*:*:*:*","matchCriteriaId":"CA967277-B0F1-4D91-9FE5-5DC6718E8B5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.0.1:b1905:*:*:*:*:*:*","matchCriteriaId":"68E22857-BEA7-4C36-B044-3B1CF70CDB37"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.0.1:b1906:*:*:*:*:*:*","matchCriteriaId":"5EE7F837-AB7C-4743-8380-A479ADC8B9E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.0.2:b1917:*:*:*:*:*:*","matchCriteriaId":"7C873DAC-3CDE-439B-B337-94C5C1589DF1"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.0.2:b1921:*:*:*:*:*:*","matchCriteriaId":"21E0DC7C-D1E6-4836-A367-0E00AA82F208"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.1.0:b1926:*:*:*:*:*:*","matchCriteriaId":"74586937-9BF8-4D5A-AD5F-131DE95CB4CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.1.0:b1941:*:*:*:*:*:*","matchCriteriaId":"F519574C-6A12-4469-8A66-91CEA680CD70"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.1.0:b1949:*:*:*:*:*:*","matchCriteriaId":"DE822EC3-D06E-42A6-A6B6-28B1F1A73831"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.1.0:b1955:*:*:*:*:*:*","matchCriteriaId":"23B9CEEC-EE7F-489E-B764-331263183CE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b1978:*:*:*:*:*:*","matchCriteriaId":"C77D0966-21EA-4DB3-8AE7-83F745FB7820"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b1981:*:*:*:*:*:*","matchCriteriaId":"3D3B0A02-93F4-492D-810A-720448C624BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b1984:*:*:*:*:*:*","matchCriteriaId":"70ACC996-D417-48C9-9376-40AECBC0273C"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b2007:*:*:*:*:*:*","matchCriteriaId":"CDA6CDF4-46F8-43F6-8843-61A05ADDD505"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b2014:*:*:*:*:*:*","matchCriteriaId":"D53E57B3-DFFB-448C-9610-463978C9E489"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b2016:*:*:*:*:*:*","matchCriteriaId":"2E37F883-B939-4F6F-B20F-3ABB43BDBD1E"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b2020:*:*:*:*:*:*","matchCriteriaId":"20533E08-D4C3-42E5-8DE9-94F30710829A"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b2023:*:*:*:*:*:*","matchCriteriaId":"A13F872F-C8F2-49D4-9A05-49AA8DE3994E"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b2028:*:*:*:*:*:*","matchCriteriaId":"F03ADD91-7621-4314-A1DF-380CC51EBE0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b2032:*:*:*:*:*:*","matchCriteriaId":"5D164551-F37A-4F3E-9868-C5CC2578144E"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b2047:*:*:*:*:*:*","matchCriteriaId":"807A8ECD-CC2A-4141-B060-0C6FA65040F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b2053:*:*:*:*:*:*","matchCriteriaId":"D38FF13A-B9DB-469A-B492-49379BC5B5A9"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2019/Oct/35","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection","source":"cve@mitre.org","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2019/Oct/35","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]}]}}]}