Description
The Kiwire Captive Portal contains a blind SQL injection in the nas-id parameter, allowing for SQL commands to be issued and to compromise the corresponding database.
Problem types
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Product status
References
www.synchroweb.com/release-notes/kiwire/security
