RTH Information Disclosure and Multiple SQL Injection Vulnerabilities
BID:30603
Info
| Bugtraq ID: | 30603 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 07 2008 12:00AM |
| Updated: | Aug 08 2008 03:36PM |
| Credit: | Jan Schütze, teme7931 |
| Vulnerable: | RTH RTH 1.6.4 |
| Not Vulnerable: | RTH RTH 1.7 |
Discussion
RTH is prone to an information-disclosure vulnerability and multiple SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied data.
A successful attack could allow an attacker to obtain sensitive information, compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Versions prior to RTH 1.7.0 are vulnerable.
Exploit / POC
Attackers can use a browser to exploit these issues.
Solution / Fix
Solution:
The vendor has released an update. Please see the references for more information.
RTH RTH 1.6.4
References
References:
- RTH 1.7.0 Release (RTH)
- RTH Homepage (RTH)