SQL injection vulnerability in the web-based administration interface for iisPROTECT 2.2-r4, and possibly earlier versions, allows remote attackers to insert arbitrary SQL and execute code via certain variables, as demonstrated using the GroupName variable in SiteAdmin.ASP.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Iisprotect | Iisprotect | 2.2_r4 | 2.2_r4 |