BID:12610

INL Ulog-php Multiple Unspecified SQL Injection Vulnerabilities

Info

INL Ulog-php Multiple Unspecified SQL Injection Vulnerabilities

Bugtraq ID:	12610
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 21 2005 12:00AM
Updated:	Feb 21 2005 12:00AM
Credit:	These vulnerabilities were reported by the vendor.
Vulnerable:	INL Ulog-php 0.8.2 INL Ulog-php 0.8.1 INL Ulog-php 0.8

Not Vulnerable:	INL Ulog-php 1.0

Discussion

INL Ulog-php Multiple Unspecified SQL Injection Vulnerabilities

It is reported that Ulog-php is susceptible to multiple unspecified SQL injection vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in compromise of the application, disclosure or modification of data or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

Versions prior to 1.0 are reported to be affected.

Exploit / POC

INL Ulog-php Multiple Unspecified SQL Injection Vulnerabilities

No exploit is required.

Solution / Fix

INL Ulog-php Multiple Unspecified SQL Injection Vulnerabilities

Solution:
The vendor has released an update to address these vulnerabilities.

INL Ulog-php 0.8

INL ulog-php-1.0.tar.gz
http://www.inl.fr/download/ulog-php-1.0.tar.gz

INL Ulog-php 0.8.1

INL ulog-php-1.0.tar.gz
http://www.inl.fr/download/ulog-php-1.0.tar.gz

INL Ulog-php 0.8.2

INL ulog-php-1.0.tar.gz
http://www.inl.fr/download/ulog-php-1.0.tar.gz

References

INL Ulog-php Multiple Unspecified SQL Injection Vulnerabilities

References:

Ulog-php Homepage (INL)