vendor:
IT Armory Component
by:
Craw
8,8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: IT Armory Component
Affected Version From: 0.1.4
Affected Version To: 0.1.4
Patch Exists: Yes
Related CWE: N/A
CPE: a:intherapy:it_armory_component
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020
SQL Injection in InTherapy IT Armory Component 0.1.4
A SQL injection vulnerability exists in InTherapy IT Armory Component 0.1.4. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code in the affected parameter. This can be exploited to disclose the content of the back-end database, modify data, compromise the back-end database, and potentially compromise other systems that are connected to the same back-end database.
Mitigation:
The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of the software.
