|
|
Info |
Last Modified |
| 7 months ago |
|
|
|
|
Description |
VPMi Enterprise has been reported to contain an SQL injection issue in the Service_Requests.asp script. Subsequent testing has indicated that while an error exception is thrown on some crafted input, the script will provide the error and sometimes a partial path but will not allow SQL query manipulation. The path disclosed is the same information provided in the URL, so it is not a privileged information disclosure.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Information Disclosure,
Input Manipulation
Impact:
Loss of Confidentiality,
Loss of Integrity
Exploit:
Exploit Unavailable
OSVDB:
Web Related,
Myth/Fake
|
|
Solution |
The vulnerability reported is incorrect. No solution required.
|
|
Products |
|
VPMi Enterprise
 |
3.3 |
|
|
|
|
Credit |
- RedTeam Pentesting - RedTeam Pentesting
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|