Some vulnerabilities in ASP-DEv Internal E-Mail System, which can be exploited by malicious people to conduct SQL injection attacks.

Some vulnerabilities in ASP-DEv Internal E-Mail System, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "login" and "password" parameters in login.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows bypassing the authentication mechanism.

Edit the source code to ensure that input is properly sanitised.