Brilliance Golden Link Secondary System SQL Injection Vulnerability in custTradeName Argument
Vulnerability
A critical SQL injection vulnerability has been identified in the Brilliance Golden Link Secondary System, affecting versions prior to 20250609. The issue arises in the custTakeInfoPage.htm file, where the custTradeName argument can be manipulated to inject malicious SQL, potentially compromising the application's database. This vulnerability can be exploited remotely, and a public proof-of-concept is available.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.
Reproduction
To reproduce this vulnerability, send a request to the custTakeInfoPage.htm file with a crafted custTradeName argument that includes SQL injection payloads. The injection point can be verified by observing the application's response or by using SQL injection testing techniques.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.