| Field | Value |
|---|---|
| Title | Advaya Softech Pvt Ltd GEMS 2.1 SQL Injection |
| Description | A SQL Injection vulnerability was discovered in the Advaya GEMS ERP Portal v2.1 at the /studentLogin/studentLogin.action endpoint. The userId parameter fails to sanitize input, allowing attackers to inject SQL queries. Both Boolean-based and Time-based blind injection techniques were successfully demonstrated. A proof-of-concept script exploiting the flaw is available, showing the ability to extract database information. This vulnerability could lead to unauthorized access to sensitive data or potential database compromise. The GEMS ERP system is used by several educational universities and colleges, increasing the risk and potential impact of this flaw. Full details and PoC are available at: https://github.com/kuppamjohari/advaya-gems-sql-injection-poc |
| Source | https://pesgems.in/studentLogin/studentLogin.action?personType=student&userId=testCSC2024&password=testCSC2024 |
| User | Kuppamjohari (UID 85166) |
| Submitted | 2025-05-11 19:39 (12 months ago) |
| Moderated | 2025-05-16 21:05 (5 days later) |
| Status | Accepted |
| VulDB Entry | 309405 [Advaya Softech GEMS ERP Portal 2.1 studentLogin.action userId SQL Injection] |
| Points | 20 |