vendor:
SonicMailer Pro
by:
ajann
7.5
CVSS
HIGH
Remote Blind SQL Injection
CWE
Product Name: SonicMailer Pro
Affected Version From: SonicMailer Pro <= 3.2.3
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
SonicMailer Pro <= 3.2.3 (index.php) Remote Blind SQL Injection Exploit
This exploit allows an attacker to perform a blind SQL injection attack on SonicMailer Pro version 3.2.3. By exploiting this vulnerability, the attacker can retrieve the usernames and passwords of the administrators of the SonicMailer Pro application.
Mitigation:
Upgrade to a patched version of SonicMailer Pro that fixes the SQL injection vulnerability.