Intrusion Prevention

Revize.CMS.Query_results.JSP.SQL.Injection

Description

SQL injection vulnerability in debug/query_results.jsp in Idetix Software Systems Revize CMS allows remote attackers to execute arbitrary SQL commands via the query parameter.

Affected Products

Revize CMS 4.x

Impact

Successful exploitation could compromise the application, disclose or modify data, or permit an attacker to exploit vulnerabilities in the underlying database implementation.

Recommended Actions

Edit the source code to ensure that input is properly sanitised, and ensure that files exposing sensitive information to users are not placed where they are accessible inside the web root.
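
To check whether the debug page is reachable and has been requested on a given server, the following added example (not part of the original advisory or of any vendor tooling) scans web access logs for requests to debug/query_results.jsp and records whether the query parameter was supplied. It assumes common/combined log format; the /revize context root, IP addresses and log lines are constructed sample data.

```python
import re
from urllib.parse import urlsplit, unquote, parse_qs

# Page named in the advisory; matched at the end of the path because the
# application's context root varies per deployment.
TARGET = "debug/query_results.jsp"

# Assumed layout: ip ident user [time] "METHOD uri PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def normalise_path(raw_path):
    """Decode percent-encoding (twice, to catch double encoding), drop
    ;jsessionid-style path parameters, collapse slashes and lower-case."""
    path = unquote(unquote(raw_path))
    path = "/".join(seg.split(";", 1)[0] for seg in path.split("/"))
    return re.sub(r"/+", "/", path).lower()

def find_hits(lines):
    """Return one dict per logged request that targeted the debug query page."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["uri"])
        if not normalise_path(parts.path).endswith("/" + TARGET):
            continue
        params = parse_qs(parts.query, keep_blank_values=True)
        hits.append({
            "ip": m["ip"],
            "time": m["time"],
            "status": int(m["status"]),  # 200 means the page is still exposed
            # True when the injectable parameter was supplied in the URL.
            "has_query_param": any(k.lower() == "query" for k in params),
        })
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /revize/debug/query_results.jsp?query=select+1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /revize/DEBUG/query%5Fresults.jsp;jsessionid=abc?QUERY=x HTTP/1.1" 200 87',
    '203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /revize/index.jsp?query=news HTTP/1.1" 200 2048',
    '203.0.113.9 - - [10/Oct/2023:13:57:12 +0000] "POST /debug/query_results.jsp HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE):
        print(hit)
```

A hit with status 200 indicates the debug page is still served from the web root; POST bodies are not logged, so a hit without the parameter in the URL still warrants review.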

CVE References

CVE-2005-3727