Sabre AirCentre Crew 'CWPLogin.aspx' Multiple SQL Injection Vulnerabilities
BID:68899
Info
| Bugtraq ID: | 68899 |
| Class: | Input Validation Error |
| CVE: | CVE-2014-4858 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 25 2014 12:00AM |
| Updated: | Jul 25 2014 12:00AM |
| Credit: | Youssef Manar |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
AirCentre Crew is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input.
An attacker can exploit these issues by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
AirCentre Crew 2010.2.12.20008 is vulnerable; other versions may also be affected.
Exploit / POC
An attacker can exploit these issues using a web browser.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References: