
kuppamjohari/advaya-gems-sql-injection-poc
Releases: 0
Stars: 1
Proof of Concept (PoC) for a High-Severity SQL Injection Vulnerability (Boolean- and Time-Based Blind) in Advaya GEMS ERP Portal's userId parameter. Demonstrates database enumeration using GEMS_POC.py. Includes vulnerability report with remediation steps. For security research and authorized testing only.
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| | | 6.3 MEDIUM | 6.5 MEDIUM |

A vulnerability, which was classified as critical, was found in Advaya Softech GEMS ERP Portal 2.1. This affects an unknown part of the file /studentLogin/studentLogin.action. The manipulation of the argument userId leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.