Aeries Browser Interface (ABI) version 3.8.3.14 suffers from SQL injection and cross site scripting vulnerabilities.
1fe15ab8dcf2cc124a23e29d5a6aa18293483b78dca241f06b311443b63086e8
Discovered By : Arsalan Emamjomehkashan
aeries browser interface(ABI) 3.8.3.14 Remote SQL Injection
Website:http://aeries.com/
SQL injection:
GradebookOptions.asp?GrdBk=SQL
loginproc.asp If you post variable "SchlCode"
XSS:
UserName variable on loginproc.asp and usr on Login.asp