PT-2014-3277 · Avanset · Avanset Visual Certexam Manager
Publicado
2014-01-24
·
Atualizado
2016-12-31
·
CVE-2013-7175
CVSS v2.0
6.5
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Avanset Visual CertExam Manager versions 3.3 and earlier
Description
The issue allows remote authenticated users to execute arbitrary SQL commands via the
Title, File name, or Candidate Name field, potentially leading to unauthorized data access or modification.Recommendations
For Avanset Visual CertExam Manager versions 3.3 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Avanset Visual Certexam Manager