Vendor: SIPve
By: Ihsan Sencan
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: SIPve
Affected Version From: 0.0.2-R19
Affected Version To: 0.0.2-R19
Patch Exists: NO
Related CWE: N/A
CPE: a:sipve:sipve:0.0.2-r19
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: WiN7_x64/KaLiLinuX_x64
2018
SIPve 0.0.2-R19 – SQL Injection
SIPve 0.0.2-R19 is vulnerable to SQL injection. The 'usuario' parameter of the 'monitorasocAcc.php' script and the 'idgrupo' parameter of the 'getGrupoFuncionLoaded.php' script are passed into SQL queries, so an attacker can manipulate those queries by injecting arbitrary SQL code through either parameter.
Mitigation:
Input validation should be used to prevent SQL injection attacks. All input data should be validated and filtered before being passed to the SQL server.