Multiple SQL injection vulnerabilities in Maxsi eVisit Analyst allow remote malicious users to execute arbitrary SQL commands via the id parameter to (1) idsp1.pl, (2) ip.pl, and (3) einsite_director.pl. NOTE: this issue can be leveraged for path disclosure from resulting error messages.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
maxsi evisit analyst |