Release date:
Updated on:
Affected Systems:
Avanset Visual CertExam Manager <= 3.3
Description:
--------------------------------------------------------------------------------
Bugtraq id: 65104
CVE (CAN) ID: CVE-2013-7175
Avanset Visual CertExam Manager is a desktop exam engine for certification preparation.
Avanset Visual CertExam Manager 3.3 and earlier versions contain multiple SQL injection vulnerabilities. Authenticated remote users can exploit them through the Title, File name, and Candidate Name fields to inject and execute SQL commands.
<* Source: Aung Khant
Link: http://www.kb.cert.org/vuls/id/869702
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Avanset
-------
The vendor does not currently provide a patch or upgrade. Users of the software should watch the vendor's homepage for the latest version:
http://www.avanset.com/products/visual-certexam-suite.html