Vallheru Mail.PHP Multiple SQL Injection Vulnerabilities
BID:21051
Info
| Bugtraq ID: | 21051 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 15 2006 12:00AM |
| Updated: | Nov 15 2006 11:26PM |
| Credit: | These issues were disclosed by the vendor. |
| Vulnerable: | Vallheru Vallheru 1.0.6, Vallheru Vallheru 1.0.5 |
| Not Vulnerable: | Vallheru Vallheru 1.0.7 |
Discussion
Vallheru is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Versions prior to 1.0.7 are vulnerable.
Exploit / POC
An attacker can exploit this issue via a web client.
Solution / Fix
Solution:
The vendor has released version 1.0.7 to address these issues. Please see the references for more information.
Vallheru Vallheru 1.0.5
- Vallheru Vallheru107.tar.gz
  http://prdownloads.sourceforge.net/vallheru/vallheru107.tar.gz?download
Vallheru Vallheru 1.0.6
- Vallheru Vallheru107.tar.gz
  http://prdownloads.sourceforge.net/vallheru/vallheru107.tar.gz?download
References
References:
- Vallheru 1.0.7 Changelog (Vallheru)
- Vallheru Homepage (Vallheru)