This host is running Cyclope Employee Surveillance Solution and is prone to SQL injection vulnerability.

Successful exploitation will let attackers to manipulate SQL queries by injecting arbitrary SQL code. Impact Level: Application

Update to version 6.2.1 or later, For updates refer to http://www.cyclope-series.com

Input passed to 'username' and 'password' parameter in '/index.php' page is not properly verified before being used in SQL queries.

Cyclope Employee Surveillance Solution version 6.0.8.5 and prior

• http://packetstormsecurity.org/files/115406/cyclope-sql.txt
• http://secunia.com/advisories/50200
• http://www.exploit-db.com/exploits/20393
• http://www.osvdb.org/84517

---

Updated on 2015-03-25