YAP Multiple SQL Injection Vulnerabilities Network Vulnerability

Summary

YAP is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. YAP 1.1.1 is vulnerable other versions may also be affected.

References

http://www.securityfocus.com/bid/34274

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1038

CVSS	Base Score: 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14
Apache Open For Business HTML injection vulnerability
Apache Tomcat Information Disclosure Vulnerability
Apache Continuum Cross Site Scripting Vulnerability
Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability

Take action and discover your vulnerabilities