GPWeb CVE-2017-15875 SQL Injection Vulnerability
BID:106049
Info
GPWeb CVE-2017-15875 SQL Injection Vulnerability
| Bugtraq ID: | 106049 |
| Class: | Input Validation Error |
| CVE: |
CVE-2017-15875 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 18 2017 12:00AM |
| Updated: | Dec 18 2017 12:00AM |
| Credit: | Augusto Pereira |
| Vulnerable: |
Sistema GP-Web GPWeb 8.4.61 |
| Not Vulnerable: | |
Discussion
GPWeb CVE-2017-15875 SQL Injection Vulnerability
GPWeb is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input; fixes are available.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
GPWeb version 8.4.61 and prior versions are vulnerable.
GPWeb is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input; fixes are available.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
GPWeb version 8.4.61 and prior versions are vulnerable.