DUware Multiple Software SQL Injection Vulnerability
TITLE: DUware Multiple Software SQL Injection Vulnerability
CLASS: Input Validation Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Dec 02 2005 12:00AM
UPDATE: Dec 02 2005 12:00AM
CREDIT: syst3m_f4ult of the Crouz Security Team is credited with the discovery of this vulnerability.
VULNERABLE:
DUware DUpaypal Pro 3.0
NOT VULNERABLE:
DUware DUpaypal 3.1
DUware DUnews 1.1
DUware DUgallery 3.3
DUware DUdownload 1.1
DUware DUdirectory Pro SQL 3.0
DUware DUdirectory Pro 3.0
DUware DUdirectory 3.1
DUware DUclassified 4.2
DUware DUarticle 1.1
DUware DUamazon 3.1
Go to the original page on Security Focus
Discussion
Multiple DUware applications are prone to an SQL injection vulnerability. This issue is due to a failure in the applications to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Exploit
No exploit is required.
Solution
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
References
- DUware Homepage (DUware)