14 DAY TRIAL // After yesterday we’ve learned that the international airport in Dusseldorf patched up some serious vulnerabilities that could have allowed a remote attacker to execute arbitrary code, today researchers publicly disclose that another major German airport patched up the same types of flaws.
Multiple blind SQL injection vulnerabilities were present on the official website of the Koeln Bonn Airport. The security weakness may have been exploited by a hacker to inject his own SQL commands in the affected application’s database management system (DBMS).
If successfully exploited, the website, the DBMS and the application could have been compromised.
The airport was notified on the existence of the flaws back in March 2011, but they only provided a fix in the first days of 2012.
It’s a good thing that airport representatives dealt with the issue because it had been estimated as a critical weakness.