Bluetrait Multiple Unspecified SQL Injection Vulnerabilities

Bugtraq ID:	21553
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 12 2006 12:00AM
Updated:	Dec 12 2006 12:00AM
Credit:	The vendor reported these vulnerabilities.
Vulnerable:	Bluetrait Bluetrait 1.1.1 Bluetrait Bluetrait 1.1
Not Vulnerable:	Bluetrait Bluetrait 1.2

Bluetrait Multiple Unspecified SQL Injection Vulnerabilities

Bluetrait is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.

Successful exploits could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Bluetrait versions 1.1.0 and 1.1.1 are vulnerable to these issues.

Bluetrait Multiple Unspecified SQL Injection Vulnerabilities

Attackers can use a web client to exploit these issues.

Bluetrait Multiple Unspecified SQL Injection Vulnerabilities

Solution:
The vendor has released an update to address these issues. Please see the references for more information.


Bluetrait Bluetrait 1.1

• Bluetrait Bluetrait Version 1.2.0
  http://download.bluetrait.org/latest.zip

Bluetrait Bluetrait 1.1.1

• Bluetrait Bluetrait Version 1.2.0
  http://download.bluetrait.org/latest.zip

Bluetrait Multiple Unspecified SQL Injection Vulnerabilities

References:

• Bluetrait Home Page (Bluetrait)
  
• Change Log (Bluetrait)