Sabre AirCentre Crew 'CWPLogin.aspx' Multiple SQL Injection Vulnerabilities

AirCentre Crew is prone to multiple SQL-injection vulnerabilities because they fail to sufficiently sanitize user-supplied input.

An attacker can exploit these issues by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

AirCentre Crew 2010.2.12.20008 is vulnerable; other versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus