According to the reporter, the Sungard eTRAKiT3 software version 188.8.131.52 may be vulnerable to SQL injection which may allow a remote unauthenticated attacker to run a subset of SQL commands against the back-end database.
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - CVE-2016-6566
According to the reporter, the valueAsString parameter inside the JSON payload contained by the ucLogin_txtLoginId_ClientStat POST parameter is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query which may then be executed by the backend server. According to the reporter, eTRAKiT 184.108.40.206 was tested, but other versions may also be vulnerable.
A remote unauthenticated attacker may be able to run a subset of SQL commands against the back-end database.
Apply a patch
Thanks to Illumant for reporting this vulnerability.
This document was written by Garret Wassermann.
|Date First Published:||2016-12-06|
|Date Last Updated:||2016-12-12 14:00 UTC|