header-logo
Suggest Exploit
vendor:
Enterprise Connector
by:
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Enterprise Connector
Affected Version From:
Affected Version To:
Patch Exists: No
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Enterprise Connector SQL Injection Vulnerability

The Enterprise Connector application is prone to SQL injection vulnerabilities. These vulnerabilities occur when the application fails to properly sanitize user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability by sending a specially crafted request to the '/send.php' endpoint with a malicious SQL payload in the 'messageid' parameter. Successful exploitation of this vulnerability could lead to compromise of the application, disclosure or modification of data, or allow the attacker to exploit vulnerabilities in the underlying database implementation.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization techniques. Developers should use parameterized queries or prepared statements to prevent SQL injection attacks. Additionally, the application should have strong access controls and permissions to limit the potential impact of a successful attack.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15578/info

Enterprise Connector is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

/send.php?messageid=[SQL]