CVE-2010-2686

Name of the Vulnerable Software and Affected Versions TopManage OLK module version 1.91.30 for SAP

Description The issue allows remote attackers to execute arbitrary SQL commands via vulnerable parameters in the clientes.asp file. Specifically, the PriceFrom, PriceTo, and InvFrom parameters are affected, as reachable from the "olk/c p/searchCart.asp" endpoint and other unspecified vectors when performing an advanced search.

Recommendations For TopManage OLK module version 1.91.30, avoid using the PriceFrom, PriceTo, and InvFrom parameters in the affected API endpoint until the issue is resolved. Restrict access to the clientes.asp file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.