Vendor: Courier Tracking Software
By: Ihsan Sencan
CVSS: 8,8 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: Courier Tracking Software
Affected Version From: 6.0
Affected Version To: 6.0
Patch Exists: NO
Related CWE: N/A
CPE: a:eagletechnosys:courier_tracking_software:6.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Win7 x64, Kali Linux x64
2017

Courier Tracking Software v6.0 – SQL Injection

Courier Tracking Software v6.0 is vulnerable to SQL Injection. Attackers can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can be done by manipulating the 'view_id' and 'ser_id' parameters of the 'eaglecov6.php' script. By exploiting this vulnerability, attackers can gain access to sensitive information such as usernames, passwords, hub_name, hidden_pass, entrydate, onlinestatus, and status.

Mitigation:

Developers should always sanitize user input and use parameterized queries to prevent SQL Injection attacks.
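
A sketch of that mitigation for the two parameters named above, added here as an example; it is not the vendor's code or a vendor patch. The table name `consignments`, its columns, the helper names and the use of both ids in one query are assumptions, and the data is a constructed in-memory SQLite table (PHP 8 with pdo_sqlite).

```php
<?php
declare(strict_types=1);

// Constructed in-memory table standing in for the application's data.
// The table name and columns are assumptions, not the product's real schema.
function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE consignments (view_id INTEGER PRIMARY KEY, ser_id INTEGER, status TEXT)');
    $db->exec("INSERT INTO consignments VALUES (1, 10, 'in transit'), (2, 20, 'delivered')");
    return $db;
}

// Input validation: accept only a positive decimal integer. Anything else
// is rejected before it gets near the database.
function parse_id(mixed $raw): ?int {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Parameterized query: the SQL text is fixed, and the ids travel as bound,
// typed parameters, so request data is never parsed as SQL.
function find_consignment(PDO $db, mixed $rawViewId, mixed $rawSerId): ?array {
    $viewId = parse_id($rawViewId);
    $serId  = parse_id($rawSerId);
    if ($viewId === null || $serId === null) {
        return null; // caller should answer 400 Bad Request
    }
    $stmt = $db->prepare(
        'SELECT view_id, ser_id, status FROM consignments WHERE view_id = :v AND ser_id = :s'
    );
    $stmt->bindValue(':v', $viewId, PDO::PARAM_INT);
    $stmt->bindValue(':s', $serId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = demo_db();
var_dump(find_consignment($db, '1', '10'));        // well-formed ids
var_dump(find_consignment($db, '1 OR 1=1', '10')); // not an integer: rejected by parse_id()
var_dump(find_consignment($db, '2', '10'));        // well-formed ids that match no row
```

In a real handler the raw values would come from the request (for example `$_GET['view_id']`), and the database account used by the script should hold read access only to the tables that page needs.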

Exploit-DB raw data: