IGSuite 'formid' Parameter SQL Injection Vulnerability
BID:29879
Info
IGSuite 'formid' Parameter SQL Injection Vulnerability
| Bugtraq ID: | 29879 |
| Class: | Input Validation Error |
| CVE: |
CVE-2008-2835 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 22 2008 12:00AM |
| Updated: | May 07 2015 05:28PM |
| Credit: | k`sOSe |
| Vulnerable: |
IGSuite IGSuite 3.2.4 |
| Not Vulnerable: | |
Discussion
IGSuite 'formid' Parameter SQL Injection Vulnerability
IGSuite is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
IGSuite 3.2.4 is vulnerable; previous versions may also be affected.
IGSuite is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
IGSuite 3.2.4 is vulnerable; previous versions may also be affected.
Exploit / POC
IGSuite 'formid' Parameter SQL Injection Vulnerability
Attackers can use a browser to exploit this issue.
The following proof of concept is available:
Attackers can use a browser to exploit this issue.
The following proof of concept is available:
Solution / Fix
IGSuite 'formid' Parameter SQL Injection Vulnerability
Solution:
Reports indicate that the vendor released a fix that may be obtained using the application's automatic update feature. Symantec has not confirmed this information.
Solution:
Reports indicate that the vendor released a fix that may be obtained using the application's automatic update feature. Symantec has not confirmed this information.