Secunia Advisory: SA29365
Release Date: 2008-03-14
Critical: Less critical
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched
Software: Virtual Support Office-XP 2.x
Aria-Security Team has reported a vulnerability in Virtual Support Office-XP (VSO-XP), which can be exploited by malicious users to conduct SQL injection attacks.
Input passed to the "Issue_ID" parameter in MyIssuesView.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Solution:
Edit the source code to ensure that input is properly sanitised.
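One way to apply this fix in a Classic ASP page, shown as an added example that is not taken from the advisory or from VSO-XP's source: validate "Issue_ID" strictly and pass it to the database as a bound parameter instead of concatenating it into the SQL text. It assumes Issue_ID is a positive integer; the table and column names (Issues, Issue_ID, Subject, Status) and the Application("ConnString") key are hypothetical.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' ADO constants (values as defined in adovbs.inc)
Const adInteger = 3
Const adParamInput = 1
Const adCmdText = 1

' Pattern to replace: request input concatenated into the SQL text, e.g.
'   sql = "SELECT ... WHERE Issue_ID = " & Request("Issue_ID")

' Returns the value as a Long, or -1 if it is not a plain positive integer.
Function ParseIssueId(raw)
    Dim re
    ParseIssueId = -1
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"   ' digits only; bounded so CLng cannot overflow
    If re.Test(raw) Then ParseIssueId = CLng(raw)
End Function

Dim issueId, conn, cmd, rs
' A repeated Issue_ID parameter arrives comma-joined and fails the pattern.
issueId = ParseIssueId(Trim(Request.QueryString("Issue_ID") & ""))
If issueId < 1 Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid issue id."
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")   ' hypothetical connection string key

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' The value travels as a typed, bound parameter, never as part of the SQL text.
cmd.CommandText = "SELECT Issue_ID, Subject, Status FROM Issues WHERE Issue_ID = ?"
cmd.Parameters.Append cmd.CreateParameter("issueId", adInteger, adParamInput, , issueId)

Set rs = cmd.Execute
If Not rs.EOF Then
    ' Encode on output so stored data cannot inject markup into the page.
    Response.Write Server.HTMLEncode(rs("Subject") & "")
End If
rs.Close
conn.Close
%>
```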
Provided and/or discovered by:
Aria-Security Team
Original Advisory:
http://forum.aria-security.com/showthread.php?p=21
Source: secunia.com/advisories/29365/