Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1497905-4)
SAP Support Packages
(SAPK-60307INEAFINSRV, SAPK-60408INEAFINSRV, SAPK-60502INEAFINSRV, SAPKGPFC24, SAPKGPFD19)
Описание
The problem is caused by an SQL injection vulnerability. In the source code, an SQL statement is composed out of strings. An attacker can gain control over the content of a substring. As a result, the attacker can manipulate the resulting complete statement and can modify database contents.
Therefore, the report must be deactivated.
Therefore, the report must be deactivated.
Как исправить
After you implement this note, check whether the whole source code has been turned into a comment.
Implement the attached source code corrections.
Implement the attached source code corrections.
Ссылки