OpenEngine 'id' Parameter SQL Injection Vulnerability Network Vulnerability

Summary

openEngine is prone to an SQL Injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation. openEngine 2.0 is vulnerable other versions may also be affected.

References

http://www.openengine.de/
http://www.securityfocus.com/bid/49794

Updated on 2017-03-28

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AlienVault OSSIM Multiple Remote Code Execution Vulnerabilities
Apache Axis2 Document Type Declaration Processing Security Vulnerability
3Com OfficeConnect VPN Firewall Default Password Security Bypass Vulnerability
ASP Inline Corporate Calendar SQL injection
Apache Struts2 Redirection and Security Bypass Vulnerabilities

openEngine 'id' Parameter SQL Injection Vulnerability

Take action and discover your vulnerabilities