RSS   Vulnerabilities for 'Evisit analyst'   RSS

2007-07-11
 
CVE-2007-3677

CWE-89
 

 
Multiple SQL injection vulnerabilities in Maxsi eVisit Analyst allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) idsp1.pl, (2) ip.pl, and (3) einsite_director.pl. NOTE: this issue can be leveraged for path disclosure from resulting error messages.

 


Copyright 2024, cxsecurity.com

 

Back to Top