Symantec Altiris WISE Package Studio Multiple SQL Injection Vulnerabilities
BID:52392
Info
Symantec Altiris WISE Package Studio Multiple SQL Injection Vulnerabilities
| Bugtraq ID: | 52392 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-0293 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 14 2012 12:00AM |
| Updated: | Mar 14 2012 12:00AM |
| Credit: | rgod |
| Vulnerable: |
Symantec Wise Package Studio 8.0 Symantec Wise Package Studio 7.0 SP3 Symantec Wise Package Studio 7.0 SP2 7.2.31 Symantec Wise Package Studio 7.0 SP2 Symantec Wise Package Studio 6.01 Symantec Wise Package Studio 6.0 Symantec Wise Package Studio 5.0 |
| Not Vulnerable: |
Symantec Admin Stuidio for Symantec 0 |
Discussion
Symantec Altiris WISE Package Studio Multiple SQL Injection Vulnerabilities
Altiris WISE Package Studio is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Altiris WISE Package Studio 8.0 and prior are vulnerable.
Altiris WISE Package Studio is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Altiris WISE Package Studio 8.0 and prior are vulnerable.
References
Symantec Altiris WISE Package Studio Multiple SQL Injection Vulnerabilities
References:
References: