An application used in the transportation sector worldwide is plagued by a high severity SQL injection vulnerability. The hacker who discovered the issue released a proof-of-concept (PoC) exploit without informing the vendor and ICS-CERT says the flaw has already been exploited against organizations in the United States.
The vulnerable application is Navis WebAccess, a web-based app that provides transport operators real-time access to operational logistics information.
Leave a reply
