| tiêu đề | Advaya Softech Pvt Ltd GEMS 2.1 SQL Injection |
|---|
| Mô tả | A SQL Injection vulnerability was discovered in the Advaya GEMS ERP Portal v2.1 at the /studentLogin/studentLogin.action endpoint. The userId parameter fails to sanitize input, allowing attackers to inject SQL queries. Both Boolean-based and Time-based blind injection techniques were successfully demonstrated. A proof-of-concept script exploiting the flaw is available, showing the ability to extract database information. This vulnerability could lead to unauthorized access to sensitive data or potential database compromise. The GEMS ERP system is used by several educational universities and colleges, increasing the risk and potential impact of this flaw. Full details and PoC are available at: https://github.com/kuppamjohari/advaya-gems-sql-injection-poc |
|---|
| Nguồn | ⚠️ https://pesgems.in/studentLogin/studentLogin.action?personType=student&userId=testCSC2024&password=testCSC2024 |
|---|
| Người dùng | Kuppamjohari (UID 85166) |
|---|
| Đệ trình | 11/05/2025 19:39 (cách đây 12 các tháng) |
|---|
| Kiểm duyệt | 16/05/2025 21:05 (5 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 309405 [Advaya Softech GEMS ERP Portal 2.1 studentLogin.action userId Tiêm SQL] |
|---|
| điểm | 20 |
|---|