Article - CS270692
A CGI application hosted on the remote web server is potentially prone to SQL injection attack in ThingWorx
Modified: 18-Sep-2017
Applies To
- ThingWorx Platform 5.4
Description
- By sending specially crafted parameters to one or more CGI scripts hosted on the remote web server, client was able to get a very different response, which suggests that it may have been able to modify the behavior of the application and directly access the underlying database.
This is a printer-friendly version of Article 270692 and may be out of date. For the latest version click CS270692