| शीर्षक | Advaya Softech Pvt Ltd GEMS 2.1 SQL Injection |
|---|
| विवरण | A SQL Injection vulnerability was discovered in the Advaya GEMS ERP Portal v2.1 at the /studentLogin/studentLogin.action endpoint. The userId parameter fails to sanitize input, allowing attackers to inject SQL queries. Both Boolean-based and Time-based blind injection techniques were successfully demonstrated. A proof-of-concept script exploiting the flaw is available, showing the ability to extract database information. This vulnerability could lead to unauthorized access to sensitive data or potential database compromise. The GEMS ERP system is used by several educational universities and colleges, increasing the risk and potential impact of this flaw. Full details and PoC are available at: https://github.com/kuppamjohari/advaya-gems-sql-injection-poc |
|---|
| स्रोत | ⚠️ https://pesgems.in/studentLogin/studentLogin.action?personType=student&userId=testCSC2024&password=testCSC2024 |
|---|
| उपयोगकर्ता | Kuppamjohari (UID 85166) |
|---|
| सबमिशन | 11/05/2025 07:39 PM (12 महीनों पहले) |
|---|
| संयम | 16/05/2025 09:05 PM (5 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 309405 [Advaya Softech GEMS ERP Portal 2.1 studentLogin.action userId SQL इंजेक्शन] |
|---|
| अंक | 20 |
|---|