Angel Learning Management Suite Default.ASP SQL Injection Vulnerability

Bugtraq ID:	22768
Class:	Input Validation Error
CVE:	CVE-2007-1250
Remote:	Yes
Local:	No
Published:	Mar 01 2007 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	Craig Heffner is credited with the discovery of this vulnerability.
Vulnerable:	ANGEL Learning ANGEL Learning Management Suite 7.1
Not Vulnerable:

Angel Learning Management Suite Default.ASP SQL Injection Vulnerability

ANGEL Learning Management Suite is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

This issue affects version 7.1.

Angel Learning Management Suite Default.ASP SQL Injection Vulnerability

An attacker can exploit this issue via a web client.

The following proof-of-concept URI is available:

http://www.example.com/section/default.asp?id='%20union%20select%20top%201%20username%20from%20faculty_accounts--"

Angel Learning Management Suite Default.ASP SQL Injection Vulnerability

Solution:
The vendor has released an update to address this issue. Contact the vendor for details on obtaining the appropriate updates.

Angel Learning Management Suite Default.ASP SQL Injection Vulnerability

References:

• ANGEL Learning Management System Homepage (ANGEL Learning)
  
• Angel LMS 7.1 - Remote SQL Injection ([email protected])