CVE-2006-6816

Name of the Vulnerable Software and Affected Versions: DMXReady Secure Login Manager version 1.0

Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in various parameters to different API endpoints, including (1) set preferences.asp, (2) send password preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel, as well as parameters to (a) login.asp, (b) content.asp, and (c) members.asp in the Remote-WebSite, and the parameter to applications/SecureLoginManager/inc secureloginmanager.asp in the Live Demo.

Recommendations: For DMXReady Secure Login Manager version 1.0, consider disabling access to the vulnerable API endpoints, such as set preferences.asp, send password preferences.asp, and SecureLoginManager/list.asp, until a patch is available. Restrict access to the parameters in login.asp, content.asp, and members.asp to minimize the risk of exploitation. Avoid using the sent parameter in applications/SecureLoginManager/inc secureloginmanager.asp until the issue is resolved.