PT-2014-6172 · Sabre · Sabre Aircentre Crew

Published

2014-07-26

Updated

2015-10-06

CVE-2014-4858

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Sabre AirCentre Crew products version 2010.2.12.20008 and earlier

Description The issue concerns SQL injection vulnerabilities in the CWPLogin.aspx file of Sabre AirCentre Crew products. Remote attackers can execute arbitrary SQL commands by manipulating the username or password fields.

Recommendations For versions 2010.2.12.20008 and earlier, update to a version that contains a fix for this issue to prevent SQL injection attacks.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2014-4858

Affected Products

Sabre Aircentre Crew

PT-2014-6172 · Sabre · Sabre Aircentre Crew

CVE-2014-4858

Weakness Enumeration

Related Identifiers

Affected Products

References · 3