A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter.
Conclusion & alert: CVE-2019-17117 is rated High Exploit Risk (77.5/100): CVSS High severity, with medium exploitation likelihood (EPSS 1.75%). Core evidence: 1 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +1.12% over the last day, indicating growing attacker interest. Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
| EDB-ID | Source | Kind | Published | Link |
|---|---|---|---|---|
| — | nvd_ref | exploit_tag | Exploit-DB ↗ |
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.63% | 1.75% | +1.12% |
| 2 | 2025-11-21 | 1.61% | 0.63% | -0.99% |
| 3 | 2025-11-18 | — | 1.61% | — |
Full EPSS history (15 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 8.8 | 3.1 | HIGH |
|
2.8 | 5.9 | [email protected] |
| 6.5 | 2.0 | MEDIUM |
|
8.0 | 6.4 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| wikidsystems | 2fa_enterprise_server | 3.4.81 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.81:b676:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 3.4.85 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.85:b780:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 3.4.87 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.87:b1092:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 3.4.87 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.87:b1159:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 3.4.87 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.87:b1169:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 3.4.87 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.87:b1216:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 3.4.87 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.87:b824:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 3.4.87 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.4.87:b839:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 3.5.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1342:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 3.5.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1352:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 3.5.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1359:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 3.5.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1373:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 3.5.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1403:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 3.5.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1411:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 3.5.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1421:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 3.5.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1428:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 3.5.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1438:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 3.5.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1472:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 3.5.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1542:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 3.5.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.5.0:b1580:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 3.6.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.6.0:b1659:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 3.6.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:3.6.0:b1672:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 4.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.0:b1787:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 4.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.0:b1798:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 4.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.0:b1803:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 4.0.1 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.0.1:b1817:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 4.0.1 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.0.1:b1821:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 4.0.1 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.0.1:b1905:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 4.0.1 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.0.1:b1906:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 4.0.2 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.0.2:b1917:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 4.0.2 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.0.2:b1921:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 4.1.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.1.0:b1926:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 4.1.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.1.0:b1941:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 4.1.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.1.0:b1949:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 4.1.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.1.0:b1955:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 4.2.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b1978:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 4.2.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b1981:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 4.2.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b1984:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 4.2.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b2007:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 4.2.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b2014:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 4.2.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b2016:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 4.2.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b2020:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 4.2.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b2023:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 4.2.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b2028:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 4.2.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b2032:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 4.2.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b2047:*:*:*:*:*:* |
| wikidsystems | 2fa_enterprise_server | 4.2.0 | cpe:2.3:a:wikidsystems:2fa_enterprise_server:4.2.0:b2053:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/154912/WiKID-Systems-2FA-Enterprise-Server-4.2.0-b2032-SQL-Injection-XSS-CSRF.html | Third Party Advisory VDB Entry |
| http://seclists.org/fulldisclosure/2019/Oct/35 | Mailing List Third Party Advisory |
| https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection | Exploit Patch Third Party Advisory |