CVE-2015-8298

Name of the Vulnerable Software and Affected Versions RXTEC RXAdmin UPDATE 06 / 2012

Description The issue concerns SQL injection vulnerabilities in the login page. Remote attackers can execute arbitrary SQL commands by manipulating specific parameters to the index.htm page, including the loginpassword, loginusername, zusatzlicher, and groupid parameters, or by altering the rxtec cookie.

Recommendations For RXTEC RXAdmin UPDATE 06 / 2012, consider restricting access to the login page until a fix is available, and avoid using the vulnerable parameters loginpassword, loginusername, zusatzlicher, and groupid in the index.htm page, as well as the rxtec cookie.