The web application is vulnerable to SQL injection through the HTTP Referer header. A malicious user can therefore execute blind SQL queries against the backend database without the user's consent.
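How a Referer value reaches the SQL parser, and how a bound parameter prevents it, shown as an added example that is not code from the affected application. It assumes the application records the Referer header in a database; the `visits` table, the function names and the sample header values are constructed.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the application's backend database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE visits (path TEXT, referer TEXT)")
    return db

def log_visit_vulnerable(db, path, referer):
    # Flawed pattern: the header is pasted into the SQL text, so a quote
    # inside it ends the string literal and the remainder is parsed as SQL.
    db.execute(
        "INSERT INTO visits (path, referer) VALUES ('%s', '%s')" % (path, referer)
    )

def log_visit_safe(db, path, referer):
    # Fixed pattern: the statement text is constant and the header travels
    # as a bound parameter, so it can only ever be stored as data.
    db.execute("INSERT INTO visits (path, referer) VALUES (?, ?)", (path, referer))

def stored_referer(log_fn, referer):
    # Log one request and report what ended up in the table (or the error).
    db = make_db()
    try:
        log_fn(db, "/home", referer)
    except sqlite3.Error as exc:
        return "error: " + type(exc).__name__
    return db.execute("SELECT referer FROM visits").fetchone()[0]

# Constructed header values: one contains a SQL expression, one a lone quote.
EXPRESSION = "https://example.test/' || 'evaluated"
LONE_QUOTE = "https://example.test/it's"

if __name__ == "__main__":
    for name, fn in (("vulnerable", log_visit_vulnerable), ("safe", log_visit_safe)):
        for header in (EXPRESSION, LONE_QUOTE):
            print(name, repr(header), "->", repr(stored_referer(fn, header)))
```

In the vulnerable path the stored value differs from the header that was sent, or the statement fails to parse; both are signs that request data is being interpreted as SQL. Database syntax errors on requests with unusual Referer values are worth alerting on for the same reason.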
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.