JamesOff QuoteEngine Multiple Parameter Unspecified SQL Injection Vulnerability
BID:10017
Info
| Bugtraq ID: | 10017 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 31 2004 12:00AM |
| Updated: | Mar 31 2004 12:00AM |
| Credit: | This issue was disclosed in the product changelog. |
| Vulnerable: | JamesOff QuoteEngine 1.1, JamesOff QuoteEngine 1.0 |
| Not Vulnerable: | JamesOff QuoteEngine 1.2 |
Discussion
QuoteEngine is reported to be prone to an SQL injection vulnerability affecting various variables. The flaw exists because user-supplied input is not sufficiently sanitized before it is used in database queries, so an attacker can pass malicious input into those queries. The issue is reported to be exploitable only by users known to the victim's eggdrop.
This issue is reported to exist in QuoteEngine 1.1.0 and prior.
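The advisory names the root cause (user input reaching a database query without sanitization) but, as an unspecified issue, gives no code. The following added example is not QuoteEngine's code and assumes nothing about its schema or language; it uses a constructed in-memory SQLite quote table to contrast the vulnerable pattern (string-building the query) with the fix that a QuoteEngine-style quote search should use (a bound parameter), and returns the row counts so the difference is measurable.

```python
import sqlite3

# Constructed sample data standing in for a bot's quote database; not the project's schema.
SAMPLE_QUOTES = [
    (1, "Never trust user input.", "alice"),
    (2, "Parameterise your queries.", "bob"),
    (3, "eggdrop bots run Tcl scripts.", "carol"),
]


def build_db():
    """Create an in-memory database holding the constructed sample quotes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE quotes (id INTEGER PRIMARY KEY, text TEXT, added_by TEXT)")
    conn.executemany("INSERT INTO quotes VALUES (?, ?, ?)", SAMPLE_QUOTES)
    conn.commit()
    return conn


def search_quotes_unsafe(conn, term):
    """Vulnerable pattern: the search term is pasted straight into the SQL text,
    so quote characters in the term change the query's structure."""
    sql = "SELECT id, text FROM quotes WHERE text LIKE '%" + term + "%'"
    return conn.execute(sql).fetchall()


def search_quotes_safe(conn, term):
    """Hardened pattern: the term travels as a bound parameter and is only ever
    data, never SQL, regardless of the characters it contains."""
    sql = "SELECT id, text FROM quotes WHERE text LIKE ?"
    return conn.execute(sql, ("%" + term + "%",)).fetchall()


def demo():
    """Run both variants with an ordinary term and with a term containing a quote,
    returning the number of rows each call produced."""
    conn = build_db()
    term = "eggdrop"
    # A term that closes the string literal early; constructed for the demonstration.
    quoted_term = "' OR '1'='1"
    return {
        "unsafe_plain": len(search_quotes_unsafe(conn, term)),
        "unsafe_quoted": len(search_quotes_unsafe(conn, quoted_term)),
        "safe_plain": len(search_quotes_safe(conn, term)),
        "safe_quoted": len(search_quotes_safe(conn, quoted_term)),
    }


if __name__ == "__main__":
    print(demo())
```

With the string-built query the quoted term matches every row, because the term has rewritten the WHERE clause; with the bound parameter the same input matches nothing, because it is compared literally. The mitigation the advisory's fix corresponds to is therefore not stripping characters from input but keeping input out of the query text altogether.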
Exploit / POC
No exploit is required.
Solution / Fix
Solution:
The vendor has released QuoteEngine 1.2.0 to address this issue:
JamesOff QuoteEngine 1.0
- JamesOff quoteengine-1.2.0.tar.gz
http://prdownloads.sourceforge.net/topicengine/quoteengine-1.2.0.tar.gz?download
JamesOff QuoteEngine 1.1
- JamesOff quoteengine-1.2.0.tar.gz
http://prdownloads.sourceforge.net/topicengine/quoteengine-1.2.0.tar.gz?download
References
References:
- QuoteEngine Product Page (JamesOff)