SQL Injection vulnerability in Billwerx

vendor:

Billwerx

by:

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Billwerx

Affected Version From: Billwerx RC5.2.2 PL2

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

SQL Injection vulnerability in Billwerx

The Billwerx application is prone to an SQL-injection vulnerability due to insufficient sanitization of user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization techniques to prevent SQL injection attacks. Input parameters should be validated and sanitized before using them in database queries.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/39867/info

Billwerx is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Billwerx RC5.2.2 PL2 is vulnerable; other versions may also be affected. 

The following example URI is available:

http://www.example.com/billwerx_rc522_pl2/request_account.php?campaign_id=1&group_id=6&interest_id=6&first_name=indoushka&last_name=indoushka&company_name=indoushka&home_number=indoushka&get_primary=indoushka&work_number=indoushka&mobile_number=indoushka&email_address=indoushka&comments=indoushka&request=REQUEST&close=CLOSE&primary_number=' [(SQL)]