JClarens Multiple Unspecified SQL Injection Vulnerabilities
BID:21588
Info
| Bugtraq ID: | 21588 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 14 2006 12:00AM |
| Updated: | Dec 15 2006 07:48PM |
| Credit: | The vendor reported these vulnerabilities. |
| Vulnerable: | Clarens JClarens 0.6.1 |
| Not Vulnerable: | Clarens JClarens 0.6.2 |
Discussion
JClarens is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query.
A successful attack could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
JClarens versions prior to 0.6.2 are vulnerable to these issues.
Exploit / POC
Attackers can exploit these issues via a web client.
Solution / Fix
Solution:
The vendor has released version 0.6.2 to address these issues; please see the reference section for details.
References
References:
- JClarens Product Page (Clarens)
- Release Name: 0.6.2 (Clarens)