The Al-Amthal HRMS solution Optimum suffers from a remote SQL injection vulnerability.
Default.ASPX SQL Injection Vulnerability: Al-Amthal HRMS Solution-Optimum
Remote: Yes
Local: Yes
Class: Input Validation Error
Critical: Moderately critical
URL: http://www.example.com/optimum/default.aspx?page=Search&app=Search&srch=[sql]
[sql]=[-1/**/UNION/**/ALL/**/SELECT/**/1,2]
Published: April 6, 2008
Discovered by: TaMbaRuS (tambarus@gmail.com)
Site: www.al-amthal.com
Description:
Optimum is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input (the srch parameter of default.aspx in the URL above) before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Optimum HRMS Application 2.0 is reported vulnerable; other versions may also be affected.
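Added example (not part of the original advisory or the vendor's code): Python that scans web-server log lines for the srch payload shape shown above, treating SQL inline comments as whitespace before matching. The "method url status" line layout, the names scan and classify_srch, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in a simplified "method url status" layout (an
# assumption; adapt the split to the fields of your real IIS/W3C logs).
SAMPLE_LOG = [
    "GET /optimum/default.aspx?page=Search&app=Search&srch=payroll 200",
    "GET /optimum/default.aspx?page=Search&app=Search&srch=-1/**/UNION/**/ALL/**/SELECT/**/1,2 200",
    "GET /optimum/Default.ASPX?page=Search&app=Search&srch=-1%2F%2A%2A%2FUNION%2F%2A%2A%2FALL%2F%2A%2A%2FSELECT%2F%2A%2A%2F1%2C2 500",
    "GET /optimum/default.aspx?page=Search&app=Search&srch=credit+union+select+committee 200",
    "GET /optimum/other.aspx?srch=-1/**/UNION/**/SELECT/**/1 404",
]

COMMENT = re.compile(r"/\*.*?\*/", re.S)          # SQL inline comment, e.g. /**/
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)

def classify_srch(value):
    """Return 'inject', 'review' or None for one URL-decoded srch value."""
    had_comment = bool(COMMENT.search(value))
    normalized = COMMENT.sub(" ", value)          # a comment separates tokens like a space
    if UNION_SELECT.search(normalized):
        # Comment-separated keywords never occur in a benign search term.
        return "inject" if had_comment else "review"
    return None

def scan(lines, page="/optimum/default.aspx"):
    """Return (line_number, verdict, http_status) for suspicious srch values."""
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 3:
            continue                              # malformed line, skip it
        url = urlsplit(parts[1])
        if url.path.lower() != page:              # IIS paths are case-insensitive
            continue
        for value in parse_qs(url.query).get("srch", []):   # percent-decodes
            verdict = classify_srch(value)
            if verdict:
                hits.append((n, verdict, parts[2]))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A "review" verdict marks plain-text matches such as a search for "credit union select committee", which need a human look rather than an automatic block.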