SoftAcid Reciprocal Link Exchange Lite SQL Injection Vulnerability
BID:21239
Info
SoftAcid Reciprocal Link Exchange Lite SQL Injection Vulnerability
| Bugtraq ID: | 21239 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 21 2006 12:00AM |
| Updated: | Nov 28 2006 07:15PM |
| Credit: | Security Access Point is credited with the discovery of this vulnerability. |
| Vulnerable: |
Softacid Link Exchange Lite 1.0 |
| Not Vulnerable: | |
Discussion
SoftAcid Reciprocal Link Exchange Lite SQL Injection Vulnerability
SoftAcid Reciprocal Link Exchange Lite is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
SoftAcid Reciprocal Link Exchange Lite is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Exploit / POC
SoftAcid Reciprocal Link Exchange Lite SQL Injection Vulnerability
An attacker can exploit this issue via a web client.
An attacker can exploit this issue via a web client.
Solution / Fix
SoftAcid Reciprocal Link Exchange Lite SQL Injection Vulnerability
Solution:
The vendor states that a fix is available to address this issue. Users of affected packages should contact the vendor for more information on obtaining and applying fixes.
Solution:
The vendor states that a fix is available to address this issue. Users of affected packages should contact the vendor for more information on obtaining and applying fixes.