MidnightBSD

Advisories for sabreairlinesolutions

CVE-2014-4858 HIGH

Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCentre Crew products 2010.2.12.20008 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
sabreairlinesolutions crew_management *
sabreairlinesolutions crew_operations *
sabreairlinesolutions crew_services *
sabreairlinesolutions crew_training *
sabreairlinesolutions crew_planning *