vendor:
Web Solutions
by:
tempe_mendoan
8.8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Web Solutions
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020
Web Solutions Wcs2u SQL Injection Vulnerability
A SQL injection vulnerability exists in Web Solutions Wcs2u, which allows an attacker to execute arbitrary SQL commands on the underlying database. The vulnerability is due to insufficient input validation when handling user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. Successful exploitation of this vulnerability could result in unauthorized access to sensitive information, or the execution of arbitrary SQL commands on the underlying database.
Mitigation:
Input validation should be performed to ensure that user-supplied input is properly sanitized. Additionally, the application should be configured to use parameterized queries to prevent SQL injection attacks.
