DevTrack Web Service UserName Field SQL Injection
The remote host is running DevTrack, a defect and project tracking tool. The DevTrack Web Services component installed on the remote host contains an ASP script that fails to sanitize user-supplied input to the 'UserName' parameter before using it in a database query. An unauthenticated, remote...
CVE-2007-0853
CVE-2007-0853 is a SQL injection in DevTrack 6.0.3. The vulnerability resides in the Web Services component’s handling of the 'UserName' parameter, where unsanitized input is used in a database query. An unauthenticated, remote attacker could manipulate SQL queries via the Username form field, po...