DevTrack HTML Injection and SQL Injection Vulnerabilities
BID:22460
Info
DevTrack HTML Injection and SQL Injection Vulnerabilities
| Bugtraq ID: | 22460 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-0852 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 08 2007 12:00AM |
| Updated: | May 12 2015 07:34PM |
| Credit: | Joren McReynolds is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
DevTrack DevTrack 6.0.3 |
| Not Vulnerable: |
TechExcel DevTrack 7.1 |
Discussion
DevTrack HTML Injection and SQL Injection Vulnerabilities
DevTrack is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks are also possible.
DevTrack 6.0.3 is reported vulnerable; other versions may also be affected.
DevTrack is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks are also possible.
DevTrack 6.0.3 is reported vulnerable; other versions may also be affected.
Exploit / POC
DevTrack HTML Injection and SQL Injection Vulnerabilities
An attacker can exploit these issues via a browser.
An attacker can exploit these issues via a browser.
Solution / Fix
DevTrack HTML Injection and SQL Injection Vulnerabilities
Solution:
The vendor has released updates. Please contact the vendor for details.
Solution:
The vendor has released updates. Please contact the vendor for details.