CVE-2008-1549

Name of the Vulnerable Software and Affected Versions Aeries Browser Interface (ABI) version 3.8.3.14

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the GrdBk parameter to "GradebookOptions.asp" and the SchlCode variable to "loginproc.asp".

Recommendations For Aeries Browser Interface (ABI) version 3.8.3.14, consider restricting access to the "GradebookOptions.asp" and "loginproc.asp" pages until a fix is available. As a temporary workaround, avoid using the GrdBk parameter and the SchlCode variable in the respective API endpoints. At the moment, there is no information about a newer version that contains a fix for this vulnerability.