Sql injection

2009-09-1820:30:00

PRIOn knowledge base

www.prio-n.com

9.1 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

67.8%

JSON

SQL injection vulnerability in RASH Quote Management System (RQMS) 1.2.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an admin action to the default URI.

CPENameOperatorVersion
rasheq1.1.2
rasheq1.1.3
rasheq1.0
rasheq1.2
rashle1.2.2
rasheq1.2.1
rasheq1.1.1
rasheq1.1

Name	Operator	Version
rash	eq	1.1.2
rash	eq	1.1.3
rash	eq	1.0
rash	eq	1.2
rash	le	1.2.2
rash	eq	1.2.1
rash	eq	1.1.1
rash	eq	1.1

References

osvdb.org/57468

packetstormsecurity.org/0908-exploits/rqms-bypass.txt

secunia.com/advisories/36477

www.vupen.com/english/advisories/2009/2446

exchange.xforce.ibmcloud.com/vulnerabilities/52895