| Title | Advaya Softech Pvt Ltd GEMS 2.1 SQL Injection |
|---|---|
| Description | A SQL Injection vulnerability was discovered in the Advaya GEMS ERP Portal v2.1 at the /studentLogin/studentLogin.action endpoint. The userId parameter fails to sanitize input, allowing attackers to inject SQL queries. Both Boolean-based and Time-based blind injection techniques were successfully demonstrated. A proof-of-concept script exploiting the flaw is available, showing the ability to extract database information. This vulnerability could lead to unauthorized access to sensitive data or potential database compromise. The GEMS ERP system is used by several educational universities and colleges, increasing the risk and potential impact of this flaw. Full details and PoC are available at: https://github.com/kuppamjohari/advaya-gems-sql-injection-poc |
| Source | ⚠️ https://pesgems.in/studentLogin/studentLogin.action?personType=student&userId=testCSC2024&password=testCSC2024 |
| User | Kuppamjohari (UID 85166) |
| Submission | 2025-05-11 07:39 PM (12 months ago) |
| Moderation | 2025-05-16 09:05 PM (5 days later) |
| Status | Accepted |
| VulDB Entry | 309405 [Advaya Softech GEMS ERP Portal 2.1 studentLogin.action userId SQL injection] |
| Points | 20 |