Unrated severityNVD Advisory· Published Jul 26, 2014· Updated May 6, 2026

CVE-2014-4858

Description

Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCentre Crew products 2010.2.12.20008 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field.

Affected products

Sabreairlinesolutions/Crew Management
cpe:2.3:a:sabreairlinesolutions:crew_management:*:*:*:*:*:*:*:*
Range: <=2010.2.12.20008
Sabreairlinesolutions/Crew Operations
cpe:2.3:a:sabreairlinesolutions:crew_operations:*:*:*:*:*:*:*:*
Range: <=2010.2.12.20008
Sabreairlinesolutions/Crew Planning
cpe:2.3:a:sabreairlinesolutions:crew_planning:*:*:*:*:*:*:*:*
Range: <=2010.2.12.20008
Sabreairlinesolutions/Crew Services
cpe:2.3:a:sabreairlinesolutions:crew_services:*:*:*:*:*:*:*:*
Range: <=2010.2.12.20008
Sabreairlinesolutions/Crew Training
cpe:2.3:a:sabreairlinesolutions:crew_training:*:*:*:*:*:*:*:*
Range: <=2010.2.12.20008

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/394540nvdThird Party AdvisoryUS Government Resource
www.securityfocus.com/bid/68899nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000