
MaxWebPortal password.asp memKey Parameter SQL Injection

High

Synopsis

The remote host is vulnerable to a SQL Injection attack.

Description

MaxWebPortal is a web portal that uses a backend SQL or MySQL database. This version of MaxWebPortal is vulnerable to a SQL injection flaw in the memKey parameter of password.asp.

To exploit this flaw, an attacker only needs to be able to send HTTP requests to the remote application. A successful attack would give the attacker the ability to read and write database data, as well as potentially execute arbitrary remote commands on the database server.

Solution

Upgrade to version 1.360, 2.000 or higher.