PT-2017-6845 · Gsi · Gsi Winpat Portal

Florian Bogner

Published

2017-10-18

Updated

2017-11-06

CVE-2015-5376

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions GSI WiNPAT Portal versions 3.2.0.1001 through 3.6.1.0

Description The issue allows remote attackers to execute arbitrary SQL commands via the username field in the login form.

Recommendations For versions 3.2.0.1001 through 3.6.1.0, update to a version that contains a fix for this issue.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

CVE-2015-5376

Gsi Winpat Portal