vendor:
Series A
by:
Unknown
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Series A
Affected Version From: 7.2.0.19
Affected Version To: 7.4.0.7
Patch Exists: NO
Related CWE:
CPE: a:ultra_electronics:series_a
Platforms Tested: Linux
2014
Ultra Electronics / AEP Networks – SSL VPN (Netilla / Series A / Ultra Protect) Vulnerabilities
The 'realm' parameter in the URL is vulnerable to SQL injection. An attacker can use sqlmap to exploit this vulnerability.
Mitigation:
Implement proper input validation and sanitization to prevent SQL injection attacks. Patch or update the affected software to the latest version.