CVE-2018-14874

Name of the Vulnerable Software and Affected Versions Polaris FT Intellect Core Banking version 9.7.1

Description An issue in the Armor module allows SQL injection with an authenticated session. This occurs because input passed through the code parameter in certain pages, such as "collaterals/colexe3t.jsp", "/references/refsuppu.jsp", and "/references/refbranu.jsp", is mishandled before being used in SQL queries.

Recommendations For Polaris FT Intellect Core Banking version 9.7.1, consider restricting access to the affected pages, specifically "collaterals/colexe3t.jsp", "/references/refsuppu.jsp", and "/references/refbranu.jsp", to minimize the risk of exploitation. Avoid using the code parameter in these pages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.