Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (TRUE or FALSE) into application input fields. Instead of returning database errors or visible data, the application responds differently depending on whether the injected condition evaluates to true or false. This allows an attacker to inject arbitrary SQL into backend configuration queries executed within the application.
An attacker injects logical conditions (TRUE or FALSE) into application input fields, thereby manipulating SQL queries executed by the backend. The application does not return direct errors or database data, but responds with different responses depending on whether the injected condition is true or false. Based on differences in application responses, an attacker is able to reconstruct the contents of the database. This allows injection of arbitrary SQL into configuration queries executed within the application.
An attacker can gain unauthorized access to sensitive data stored in the database, as well as compromise its integrity or availability. Depending on the database account permissions, it is possible to read, modify, or delete data.
Apply patches available from the vendor according to the references — detailed information available in the HCL Software knowledge base article: KB0129410 (https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410)
HCL Software products indicated in vendor references (article KB0129410); specific versions should be identified based on vendor documentation
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HHcltech Unica
APPHcltech< 25.1.1.0.1Hcltech Unica Audience Central
APPHcltech< 25.1.1.0.1
Related vulnerabilities
A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower. S...
CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0.
A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administ...
A Persistent Cross-site Scripting (XSS) vulnerability can be carried out on certain pages of Unica Platform. ...
A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platf...