VideoDB Unspecified SQL Injection Vulnerability
BID:12219
Info
VideoDB Unspecified SQL Injection Vulnerability
| Bugtraq ID: | 12219 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 11 2005 12:00AM |
| Updated: | Jan 11 2005 12:00AM |
| Credit: | This vulnerability was announced by the vendor. |
| Vulnerable: |
VideoDB VideoDB 2.0 .0 |
| Not Vulnerable: |
VideoDB VideoDB 2.0.2 |
Discussion
VideoDB Unspecified SQL Injection Vulnerability
VideoDB is reportedly affected by an unspecified SQL injection vulnerability. This is due to the application failing to properly sanitize user-supplied input before being used in an SQL query.
Successful exploitation could result in compromise of the application, disclosure or modification of data or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
The vendor has not released very many details about the vulnerability except VideoDB versions 2.0.0 and prior are affected. They have also released VideoDB 2.0.2 which reportedly addresses the issue.
VideoDB is reportedly affected by an unspecified SQL injection vulnerability. This is due to the application failing to properly sanitize user-supplied input before being used in an SQL query.
Successful exploitation could result in compromise of the application, disclosure or modification of data or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
The vendor has not released very many details about the vulnerability except VideoDB versions 2.0.0 and prior are affected. They have also released VideoDB 2.0.2 which reportedly addresses the issue.
Exploit / POC
VideoDB Unspecified SQL Injection Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
VideoDB Unspecified SQL Injection Vulnerability
Solution:
The vendor has addressed this issue in VideoDB 2.0.2.
VideoDB VideoDB 2.0 .0
Solution:
The vendor has addressed this issue in VideoDB 2.0.2.
VideoDB VideoDB 2.0 .0
-
VideoDB videodb-2_0_2.tgz
http://prdownloads.sourceforge.net/videodb/videodb-2_0_2.tgz?download