CVE-2006-6543

Name of the Vulnerable Software and Affected Versions AppIntellect SpotLight CRM version 1.0

Description The issue concerns SQL injection vulnerabilities in the login.asp file. Remote attackers can execute arbitrary SQL commands by manipulating the UserName and possibly the password parameter.

Recommendations For AppIntellect SpotLight CRM version 1.0, consider restricting access to the login.asp file until a patch is available. As a temporary workaround, avoid using the UserName and password parameters in the login endpoint to minimize the risk of exploitation.