Inventory Manager Multiple Input Validation Vulnerabilities

An attacker can exploit the SQL-injection vulnerability using a standard web browser.

An attacker may exploit the cross-site scripting vulnerability by enticing unsuspecting users into following a malicious link.

The following example URIs are available:

SQL injection:
http://site.com/inventory/inventory/display/imager.asp?pictable='[sql]
http://site.com/inventory/inventory/display/imager.asp?pictable=[inventory]&picfield=[sql]
http://site.com/inventory/inventory/display/imager.asp?pictable=[inventory]&picfield=photo&where='[sql]
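
A mitigation sketch for the three parameters shown above, added here as an example and not taken from the advisory or the vendor's code. It assumes pictable and picfield name a table and a column and that where is spliced into the query text; the handler is written in Python with sqlite3 as a stand-in for the ASP page, and the schema, the allowlist and the numeric id that replaces the free-form where clause are all constructed for illustration.

```python
import sqlite3

# Assumed allowlist: the only table/column pairs the image endpoint may read.
# SQL identifiers cannot be bound as query parameters, so they are checked
# against a fixed set instead of being escaped.
ALLOWED = {"inventory": {"photo"}}


def fetch_image(conn, pictable, picfield, item_id):
    """Hypothetical hardened lookup standing in for imager.asp."""
    columns = ALLOWED.get(pictable)
    if columns is None or picfield not in columns:
        raise ValueError("pictable/picfield not in allowlist")
    # The client no longer supplies a WHERE clause, only a record id,
    # and that id must parse as an integer.
    try:
        item_id = int(item_id)
    except (TypeError, ValueError):
        raise ValueError("id must be an integer")
    # Both identifiers are now known-good allowlist members; the only
    # request-derived value is bound as a parameter.
    sql = f'SELECT "{picfield}" FROM "{pictable}" WHERE id = ?'
    row = conn.execute(sql, (item_id,)).fetchone()
    return row[0] if row else None


def demo_db():
    """Constructed in-memory database with one sample row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE inventory (id INTEGER PRIMARY KEY, photo BLOB)")
    conn.execute("INSERT INTO inventory VALUES (1, ?)", (b"\x89PNG-constructed",))
    return conn


if __name__ == "__main__":
    db = demo_db()
    print(fetch_image(db, "inventory", "photo", "1"))
    # Constructed malformed inputs, one per parameter.
    for args in [("inventory'", "photo", 1),
                 ("inventory", "photo FROM x", 1),
                 ("inventory", "photo", "1 OR 1=1")]:
        try:
            fetch_image(db, *args)
        except ValueError as exc:
            print("rejected:", args, "->", exc)
```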


 

Copyright 2010, SecurityFocus