Programi Bilanc build 007 release 014 31.01.2020 suffers from multiple remote SQL injection vulnerabilities.
3742b4fc1769d765e3017cbd022f8350db3e8fbbdc4c6e73a5dd6e4c926b8800Programi Bilanc - Build 007 Release 014 31.01.2020 - Multiple SQL Injections
=============================================================================
Identifiers
-------------------------------------------------
CVE-2020-11717
Vendor
-------------------------------------------------
Balanc Shpk (https://bilanc.com)
Product
-------------------------------------------------
Programi Bilanc
Affected versions
-------------------------------------------------
Programi Bilanc - Build 007 Release 014 31.01.2020 and probably below
Credit
-------------------------------------------------
Georg Ph E Heise (@gpheheise) / Lufthansa Industry Solutions (@LHIND_DLH)
Christian Pappas / Lufthansa Industry Solutions (@LHIND_DLH)
Vulnerability summary
-------------------------------------------------
Programi Bilanc - Build 007 Release 014 31.01.2020 and below suffers from multiple SQL Injection vulnerabilities due to unprepared statements .
Technical details
------------------------------------------------
When searching for products or services entering modified content an attacker can trigger Reflected Cross-Site
scriptings
Proof of concept
-------------------------------------------------
Witheld
Solution
-------------------------------------------------
Don’t use the software in its current version & contact vendor for a solution
Timeline
-------------------------------------------------
Date| Status
------------|--------------------
01–APR-2020 | Reported to vendor
30-JUN-2020 | End of 90 days Full Disclosure Time
17-DEZ-2020 | FULL disclosure
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed