ASP Scripter Products CPLogin.ASP SQL Injection Vulnerabilities
BID:21031
Info
ASP Scripter Products CPLogin.ASP SQL Injection Vulnerabilities
| Bugtraq ID: | 21031 |
| Class: | Input Validation Error |
| CVE: |
CVE-2006-5927 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 13 2006 12:00AM |
| Updated: | Jul 06 2016 01:33PM |
| Credit: | ajann is credited with the discovery of this vulnerability. |
| Vulnerable: |
ASP Scripter Live Support 1.4 ASP Scripter Easy Portal 1.3 |
| Not Vulnerable: | |
Discussion
ASP Scripter Products CPLogin.ASP SQL Injection Vulnerabilities
ASP Scripter Products are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query. These products include ASP Scripter Easy Portal and ASP Scripter Live Support.
Exploiting this issue could allow an attacker to compromise the applications, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Version 1.4 for Easy portal and version 1.3 for Live Support are vulnerable to this issue; other versions may also be affected.
ASP Scripter Products are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query. These products include ASP Scripter Easy Portal and ASP Scripter Live Support.
Exploiting this issue could allow an attacker to compromise the applications, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Version 1.4 for Easy portal and version 1.3 for Live Support are vulnerable to this issue; other versions may also be affected.
Exploit / POC
ASP Scripter Products CPLogin.ASP SQL Injection Vulnerabilities
An attacker can exploit this issue via a web client.
An attacker can exploit this issue via a web client.
Solution / Fix
ASP Scripter Products CPLogin.ASP SQL Injection Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
ASP Scripter Products CPLogin.ASP SQL Injection Vulnerabilities
References:
References: