ACEware Systems ACEweb Online Portal is a component of the Student Manager solution from ACEware Systems, Inc. A SQL injection vulnerability exists in ACEware Systems ACEweb Online Portal version 3.5.065, which stems from The conditional parameter in showchedule.awp lacks validation for external input SQL statements. An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive database data.
CPE | Name | Operator | Version |
---|---|---|---|
aceware systems aceware systems aceweb online portal | eq | 3.5.065 |