WorkforceROI XPede Sprc.ASP SQL Injection Vulnerability

WorkforceROI XPede Sprc.ASP SQL Injection Vulnerability

XPede is web-based project accounting software. It is available for Microsoft Windows operating systems.

XPede is back-ended by Microsoft SQL Server.

A vulnerability in the XPede sprc.asp script makes it possible for a malicious user to launch SQL injection attacks. This may be possibly be exploited to list database tables or modify/delete data.

Vulnerabilities or misconfigurations in the underlying database might also be exploited via this issue.

This issue was reported for XPede 4.1. Other versions may also be affected.