February 10, 2009 - SQL Injection
WMS has been modified to prevent SQL Injection attacks. SQL Injection is a technique used by hackers to take advantage of non-valid input vulnerabilities to pass malicious commands through a Web application for execution by a backend database. Attackers take advantage of the fact that SQL commands are sometimes chained together with user-provided parameters. By manipulating those parameters, hackers quietly gain access to data.