EasyFill Multiple Unspecified SQL Injection Vulnerabilities

Bugtraq ID:	21557
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 12 2006 12:00AM
Updated:	Dec 12 2006 12:00AM
Credit:	The vendor reported these vulnerabilities.
Vulnerable:	EasyFill EasyFill 0.5
Not Vulnerable:	EasyFill EasyFill 0.5.1

EasyFill Multiple Unspecified SQL Injection Vulnerabilities

EasyFill is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query.

A successful attack could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

EasyFill 0.5 and prior versions are vulnerable to these issues.

EasyFill Multiple Unspecified SQL Injection Vulnerabilities

Attackers can exploit these issues via a web client.

EasyFill Multiple Unspecified SQL Injection Vulnerabilities

Solution:
The vendor has released version 0.5.1 to address these issues; please see the reference section for details.

EasyFill Multiple Unspecified SQL Injection Vulnerabilities

References:

• Vendor Home Page (EasyFill)