WorkforceROI XPede Sprc.ASP SQL Injection Vulnerability
XPede is web-based project accounting software. It is available for Microsoft Windows operating systems.
XPede is back-ended by Microsoft SQL Server.
A vulnerability in the XPede sprc.asp script makes it possible for a malicious user to launch SQL injection attacks. This may be possibly be exploited to list database tables or modify/delete data.
Vulnerabilities or misconfigurations in the underlying database might also be exploited via this issue.
This issue was reported for XPede 4.1. Other versions may also be affected.