PT-2007-7351 · Eagle · Eagle Software Aeries Browser Interface
Published
2007-12-24
·
Updated
2018-10-15
·
CVE-2007-6517
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Eagle Software Aeries Browser Interface (ABI) version 3.7.9.17
Description
The issue concerns a SQL injection vulnerability in the forget password section, specifically in the LostPwd.asp file. This vulnerability allows remote attackers to execute arbitrary SQL commands via the
EmailAddress parameter.Recommendations
For version 3.7.9.17, consider restricting access to the LostPwd.asp file or the
EmailAddress parameter to minimize the risk of exploitation until a patch is available. Avoid using the EmailAddress parameter in the affected section until the issue is resolved.Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Eagle Software Aeries Browser Interface