Revize.CMS.Query_results.JSP.SQL.Injection
Description
SQL injection vulnerability in debug/query_results.jsp in Idetix Software Systems Revize CMS allows remote attackers to execute arbitrary SQL commands via the query parameter.
Affected Products
Revize CMS 4.x
Impact
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Recommended Actions
Edit the source code to ensure that input is properly sanitised, and ensure that files exposing sensitive information to users are not accessible inside the web root.
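As an added example (not part of the original advisory or of Revize CMS), the script below scans web-server access logs for requests that reached the debug page named above with a query parameter, and reports whether the page was still being served. The combined log format, the `/revize` context path and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path and parameter named in the advisory.
TARGET_PATH = "/debug/query_results.jsp"
TARGET_PARAM = "query"

# Assumed layout (common/combined): ip - user [time] "METHOD uri PROTO" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines; the /revize context path is an assumption.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /revize/debug/query_results.jsp?query=SELECT+1 HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Mar/2024:10:01:05 +0000] "GET /revize/index.jsp HTTP/1.1" 200 1024',
    '198.51.100.9 - - [12/Mar/2024:10:02:00 +0000] "GET /revize//DEBUG/query_results.jsp?Query=select%201 HTTP/1.1" 403 0',
]

def find_debug_query_hits(lines):
    """Return one record per request to the debug page that carried a query parameter."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        url = urlsplit(m["uri"])
        # Normalise: percent-decode, collapse doubled slashes, ignore case.
        path = re.sub(r"/+", "/", unquote(url.path)).lower()
        if not path.endswith(TARGET_PATH):
            continue
        params = {k.lower(): v
                  for k, v in parse_qs(url.query, keep_blank_values=True).items()}
        if TARGET_PARAM not in params:
            continue
        hits.append({
            "ip": m["ip"],
            "time": m["time"],
            "status": int(m["status"]),
            "served": m["status"].startswith("2"),  # 2xx: page is still reachable
            "query": params[TARGET_PARAM][0],       # URL-decoded parameter value
        })
    return hits

if __name__ == "__main__":
    for hit in find_debug_query_hits(SAMPLE_LOG):
        print(hit)
```

Access logs normally record only the request line, so a query parameter sent in a POST body will not appear here; any 2xx response for this path means the debug page is still exposed inside the web root.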
Coverage
IPS (Regular DB)
IPS (Extended DB)