Multiple SepCity Products Unspecified SQL Injection Vulnerability
BID:50942
Info
Multiple SepCity Products Unspecified SQL Injection Vulnerability
| Bugtraq ID: | 50942 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 07 2011 12:00AM |
| Updated: | Dec 07 2011 12:00AM |
| Credit: | The vendor has reported this issue. |
| Vulnerable: |
SepCity Sports Manager 0 SepCity Speakers' Bureau 0 SepCity News Manager 0 SepCity Faculty Portal 0 SepCity Event Calendar 0 SepCity Alumni Relations 0 |
| Not Vulnerable: | |
Discussion
Multiple SepCity Products Unspecified SQL Injection Vulnerability
Multiple SepCity products are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The following products are vulnerable:
Alumni Relations
Event Calendar
Faculty Portal
News Manager
Speakers' Bureau
Sports Manager
Multiple SepCity products are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The following products are vulnerable:
Alumni Relations
Event Calendar
Faculty Portal
News Manager
Speakers' Bureau
Sports Manager
Exploit / POC
Multiple SepCity Products Unspecified SQL Injection Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
Solution / Fix
Multiple SepCity Products Unspecified SQL Injection Vulnerability
Solution:
Updates are available. Please see the references for more details.
Solution:
Updates are available. Please see the references for more details.
References
Multiple SepCity Products Unspecified SQL Injection Vulnerability
References:
References:
- Fixed Security Issues in our Free ASP Apps (SepCity)
- SepCity Homepage (SepCity)