CVE-2022-26959

Name of the Vulnerable Software and Affected Versions Northstar Club Management version 6.3

Description The issue concerns two Blind/Time-based SQL injection vulnerabilities. These exist in the userName parameter of the "processlogin.jsp" page in the "/northstar/Portal/" directory and the userID parameter of the "login.jsp" page in the "/northstar/iphone/" directory. Exploitation allows full access to the database, which contains critical organizational data.

Recommendations For Northstar Club Management version 6.3, consider disabling the processlogin.jsp and login.jsp pages until a patch is available to prevent exploitation of the SQL injection vulnerabilities in the userName and userID parameters. Restrict access to the "/northstar/Portal/" and "/northstar/iphone/" directories to minimize the risk of exploitation. Avoid using the userName and userID parameters in the affected pages until the issue is resolved.