Epicor Returns Management SOAP Interface SQL Injection Vulnerability
BID:53600
Info
| Bugtraq ID: | 53600 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 17 2012 12:00AM |
| Updated: | May 17 2012 12:00AM |
| Credit: | Chris Graham and r@b13$ |
| Vulnerable: | Epicor Epicor Returns Management 0 |
| Not Vulnerable: | |
Discussion
Epicor Returns Management is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, to access or modify data, or to exploit vulnerabilities in the underlying database.
Exploit / POC
Attackers can use a browser to exploit this issue.
Solution / Fix
Solution:
Updates are available. Please see the reference for more details.
References
References: