CVE-2016-6566

CVE-2016-6566: The Sungard eTRAKiT3 software version 3.2.1.17 may be vulnerable to SQL injection, which may allow a remote unauthenticated attacker to run a subset of SQL commands against the back-end database.

Vendor: Sungard
Product: eTRAKiT3
Weakness: CWE-89 (SQLi)
Published: July 13, 2018
Last update: August 6, 2024

What the vulnerability does

01 Description

The valueAsString parameter inside the JSON payload contained by the ucLogin_txtLoginId_ClientStat POST parameter of the Sungard eTRAKiT3 software version 3.2.1.17 is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query which may then be executed by the backend server. eTRAKiT 3.2.1.17 was tested, but other versions may also be vulnerable.
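A server-side handling pattern for the input described above, as an added example that is not eTRAKiT code: it decodes the POST body, parses the JSON carried in `ucLogin_txtLoginId_ClientStat`, validates `valueAsString` against an allowlist, and passes it to the database only as a bound parameter. The `users` table, the allowlist pattern, the SQLite back end and all function names are assumptions made for illustration.

```python
import json
import re
import sqlite3
from urllib.parse import parse_qs, urlencode

FIELD = "ucLogin_txtLoginId_ClientStat"  # POST parameter name as given above
KEY = "valueAsString"                    # JSON member named above
LOGIN_ID = re.compile(r"[A-Za-z0-9_.@-]{1,64}")  # assumed allowlist for a login ID


def extract_login_id(body: str) -> str:
    """Decode the form body, parse the JSON in FIELD, return a validated KEY."""
    values = parse_qs(body).get(FIELD, [])
    if len(values) != 1:  # absent or repeated parameter
        raise ValueError("expected exactly one client-state parameter")
    try:
        state = json.loads(values[0])
    except json.JSONDecodeError as exc:
        raise ValueError("client state is not valid JSON") from exc
    value = state.get(KEY) if isinstance(state, dict) else None
    if not isinstance(value, str) or not LOGIN_ID.fullmatch(value):
        raise ValueError("valueAsString rejected by allowlist")
    return value


def lookup_user(db: sqlite3.Connection, login_id: str):
    """Bind the value as a parameter so it can never change the SQL text."""
    row = db.execute("SELECT id FROM users WHERE login_id = ?", (login_id,)).fetchone()
    return row[0] if row else None


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the back-end database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, login_id TEXT UNIQUE)")
    db.execute("INSERT INTO users (login_id) VALUES ('jdoe')")
    return db


def make_body(value) -> str:
    """Build a constructed POST body carrying the JSON client state."""
    return urlencode({FIELD: json.dumps({KEY: value})})


if __name__ == "__main__":
    db = make_db()
    print(lookup_user(db, extract_login_id(make_body("jdoe"))))
```

The allowlist and the bound parameter are independent controls: the query stays safe even if the allowlist is later loosened, because the value is never concatenated into the statement.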

Key dates

02 Disclosure timeline

July 13, 2018: CVE published
August 6, 2024: Record updated
