vendor:
Case Manager
by:
CVSS: 7.5 (HIGH)
SQL Injection
CWE: 89
Product Name: Case Manager
Affected Version From: 3.4
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Unknown
VUNET Case Manager SQL Injection Vulnerability
The VUNET Case Manager application fails to properly sanitize user-supplied data before using it in an SQL query. This allows an attacker to inject malicious SQL code, potentially compromising the application and accessing or modifying data without authorization. It may also expose latent vulnerabilities in the underlying database.
Mitigation:
To mitigate this vulnerability, it is recommended to sanitize and validate all user-supplied input before using it in SQL queries. Prepared statements or parameterized queries should be used to prevent SQL injection attacks.