The valueAsString parameter inside the JSON payload contained by the ucLogin_txtLoginId_ClientStat POST parameter of the Sungard eTRAKiT3 software version 3.2.1.17 is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query which may then be executed by the backend server. eTRAKiT 3.2.1.17 was tested, but other versions may also be vulnerable.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2018-07-13T20:00:00

Updated: 2024-08-06T01:36:28.063Z

Reserved: 2016-08-03T00:00:00

Link: CVE-2016-6566

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-07-13T20:29:01.160

Modified: 2024-11-21T02:56:22.183

Link: CVE-2016-6566

cve-icon Redhat

No data.