Summary
Digital Scribe is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Digital Scribe 1.4.1 is vulnerable
other versions may also be
affected.
References
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability
- ALCASAR Remote Code Execution Vulnerability
- Atlassian JIRA FishEye and Crucible Plugins XML Parsing Unspecified Security Vulnerability
- ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
- Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution