FunkyASP AD System admin.asp Password Field SQL Injection
Remote / Network Access
Loss of Confidentiality,
Loss of Integrity
FunkyASP contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the password variable in the admin.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.
Upgrade to version 1.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.