| Secunia Advisory: | SA29365 | |
| Release Date: | 2008-03-14 | |
| Critical: |  Less critical | |
| Impact: | Manipulation of data | |
| Where: | From remote | |
| Solution Status: | Unpatched | |
| Software: | Virtual Support Office-XP 2.x | |
| This advisory is currently marked as unpatched! - Companies can be alerted when a patch is released! | ||
Aria-Security Team has reported a vulnerability in Virtual Support Office-XP (VSO-XP), which can be exploited by malicious users to conduct SQL injection attacks.
Input passed to the "Issue_ID" parameter in MyIssuesView.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Solution:
Edit the source code to ensure that input is properly sanitised.
Provided and/or discovered by:
Aria-Security Team
Original Advisory:
http://forum.aria-security.com/showthread.php?p=21
資料來源 secunia.com/advisories/29365/
全站熱搜
留言列表
