source: https://www.securityfocus.com/bid/39867/info

Billwerx is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Billwerx RC5.2.2 PL2 is vulnerable; other versions may also be affected.

The following example URI is available:

http://www.example.com/billwerx_rc522_pl2/request_account.php?campaign_id=1&group_id=6&interest_id=6&first_name=indoushka&last_name=indoushka&company_name=indoushka&home_number=indoushka&get_primary=indoushka&work_number=indoushka&mobile_number=indoushka&email_address=indoushka&comments=indoushka&request=REQUEST&close=CLOSE&primary_number=' [(SQL)]
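
The flaw class described above and its fix, as an added example that is not Billwerx code: Python's sqlite3 stands in for the PHP application and its database, and the table, function names and phone-number allowlist are assumptions made for illustration. It contrasts a query built by pasting `primary_number` into the SQL text with one that validates the field and binds it as a parameter.

```python
import re
import sqlite3

# Assumption: phone fields hold digits plus common separators only.
PHONE_RE = re.compile(r"\+?[0-9][0-9 ().\-]{5,19}")

def make_db():
    """In-memory table standing in for the account-request store (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE account_requests (first_name TEXT, primary_number TEXT)")
    return db

def save_request_concat(db, first_name, primary_number):
    """Weak form: request values are pasted into the SQL text."""
    sql = ("INSERT INTO account_requests (first_name, primary_number) "
           "VALUES ('" + first_name + "', '" + primary_number + "')")
    db.execute(sql)  # a quote in a value changes the statement itself

def save_request_bound(db, first_name, primary_number):
    """Corrected form: allowlist check on the phone field, then bound parameters."""
    if not PHONE_RE.fullmatch(primary_number):
        raise ValueError("primary_number is not a phone number")
    db.execute(
        "INSERT INTO account_requests (first_name, primary_number) VALUES (?, ?)",
        (first_name, primary_number),
    )

def demo():
    """Run constructed inputs through both forms and report what happened."""
    results = {}
    db = make_db()
    try:
        save_request_concat(db, "test", "555-0100'")  # constructed sample input
        results["concat"] = "stored"
    except sqlite3.OperationalError:
        results["concat"] = "sql-error"  # the quote reached the SQL parser
    try:
        save_request_bound(db, "test", "555-0100'")
        results["bound_bad"] = "stored"
    except ValueError:
        results["bound_bad"] = "rejected"  # stopped before any SQL ran
    # Free-text fields cannot be allowlisted this tightly; binding keeps the quote as data.
    save_request_bound(db, "O'Brien", "+1 555-0100")
    results["rows"] = db.execute(
        "SELECT first_name, primary_number FROM account_requests").fetchall()
    return results

if __name__ == "__main__":
    print(demo())
```
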