LinPHA Multiple Unspecified Input Validation Vulnerabilities

Bugtraq ID:	17619
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 19 2006 12:00AM
Updated:	Apr 20 2006 07:47PM
Credit:	These issues were disclosed by the vendor.
Vulnerable:	LinPHA LinPHA 1.1 LinPHA LinPHA 0.9.4 LinPHA LinPHA 0.9.3 LinPHA LinPHA 0.9.2 LinPHA LinPHA 0.9.1 LinPHA LinPHA 0.9 .0 LinPHA LinPHA 1.0
Not Vulnerable:	LinPHA LinPHA 1.1.1

LinPHA Multiple Unspecified Input Validation Vulnerabilities

LinPHA is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

Successful exploitation of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.

Some of these issues may have previously been discussed in BID 17581 (LinPHA Multiple Cross-Site Scripting Vulnerabilities).

LinPHA Multiple Unspecified Input Validation Vulnerabilities


These issues can be exploited through a web client.

LinPHA Multiple Unspecified Input Validation Vulnerabilities

Solution:
The vendor has released version 1.1.1 to address these issues.

LinPHA Multiple Unspecified Input Validation Vulnerabilities

References:

• LinPHA Home Page (LinPHA)