N/A

Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect all passwords in encrypted format from the Microsoft SQL Server component.

N/A

N/A

Wealth Management System Bonanza Wealth Management SQL注入漏洞

Bonanza Wealth Management是Wealth Management System有限公司的一个投资组合管理分析平台。 Bonanza Wealth Management (BWM) 7.3.2版本存在安全漏洞，该漏洞源于通过登录表单进行SQL注入。攻击者利用该漏洞可以收集所有加密格式的密码。

N/A

N/A