This host is installed with openSIS and is prone to SQL injection vulnerability.

Successful exploitation will allow remote attackers to execute arbitrary SQL statements on the vulnerable system, which may leads to access or modify data in the underlying database. Impact Level: Application

No solution or patch is available as of 20th February, 2015. Information regarding this issue will be updated once the solution details are available. For updates refer to http://www.opensis.com/

Flaw is due to 'index.php' script which does not validate input via the 'USERNAME' & 'PASSWORD' parameters before using in sql query.

openSIS versions 4.5 and 5.3

Send a crafted data via HTTP POST request and check whether it is able to execute sql query or not.

• http://seclists.org/fulldisclosure/2014/Jun/151

---

Updated on 2015-03-25