1 results (0.001 seconds)
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2009-3642 – HEAT Call Logging 8.01 - SQL Injection
https://notcve.org/view.php?id=CVE-2009-3642
Multiple SQL injection vulnerabilities in the Call Logging feature in FrontRange HEAT 8.01 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. Múltiples vulnerabilidades de inyección SQL en la funcionalidad de Registro de llamadas de FrontRange HEAT v8.01 permite a atacantes remotos ejecutar comandos SQL a través de los parámetros (1) UserName y (2) password. • https://www.exploit-db.com/exploits/9809 http://packetstormsecurity.org/0909-exploits/heat-sql.txt http://secunia.com/advisories/36900 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •