WorkforceROI XPede Sprc.ASP SQL Injection Vulnerability

XPede is web-based project accounting software. It is available for Microsoft Windows operating systems.

XPede is back-ended by Microsoft SQL Server.

A vulnerability in the XPede sprc.asp script makes it possible for a malicious user to launch SQL injection attacks. This may be possibly be exploited to list database tables or modify/delete data.

Vulnerabilities or misconfigurations in the underlying database might also be exploited via this issue.

This issue was reported for XPede 4.1. Other versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus