Critical Vulnerability Information Vulnerability ID: VU#869702 Vulnerability Title: AvanSet Visual CertExam Manager 3.3 SQL injection vulnerability Release Date: 2014-01-23 Last Revised Date: 2014-07-24 CVE ID: CVE-2013-7175 Vulnerability Summary AvanSet Visual CertExam Manager version 3.3 and earlier versions are affected by an SQL injection vulnerability. Impact An authenticated attacker can read or modify data within the application's database. Solution Currently, we are unaware of any practical solution for this issue. Access Restrictions Implement firewall rules to restrict access to AvanSet Visual CertExam Manager from external untrusted sources. CVSS Metrics Acknowledgments We thank security researcher Mr. Aung Khant (aungkhant0911@gmail.com) for reporting this vulnerability. Additional Information Public Disclosure Date: 2014-01-17 Initial Release Date: 2014-01-23 Last Update Date: 2014-07-24 22:11 UTC Document Revision Version: 13