Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

MaxWebPortal < 1.3.5 Multiple SQL Injection



The remote web server contains a script that is vulnerable to a SQL injection attack.


MaxWebPortal is a web portal that utilizes a backend SQL or MySQL database. This version of MaxWebPortal is vulnerable to multiple SQL Injection flaws. An attacker exploiting these flaws would only need to be able to send HTTP queries to the remote application. A successful attack would give the attacker the ability to read and write database data as well as potentially execute arbitrary remote commands on the SQL or MySQL system.


Upgrade to version 1.3.5 or higher.