VULHUB ™

It has been reported that SepCity Community Wizard is prone to a SQL injection vulnerability that may allow a remote attacker to login with administrative privileges by providing any value as a Username and 'or''=' as a value for the password. Successful exploitation of this attack may allow an attacker to gain access to sensitive data as an administrator, which could lead to further attacks. Further attacks against the underlying database are also possible. Community Wizard version 5.1 has been reported to be prone to this vulnerability, however prior version could be affected as well.

It has been reported that SepCity Community Wizard is prone to a SQL injection vulnerability that may allow a remote attacker to login with administrative privileges by providing any value as a Username and 'or''=' as a value for the password. Successful exploitation of this attack may allow an attacker to gain access to sensitive data as an administrator, which could lead to further attacks. Further attacks against the underlying database are also possible. Community Wizard version 5.1 has been reported to be prone to this vulnerability, however prior version could be affected as well.