SCLIntra Enterprise Multiple SQL Injection and Authentication Bypass Vulnerabilities
BID:53718
Info
SCLIntra Enterprise Multiple SQL Injection and Authentication Bypass Vulnerabilities
| Bugtraq ID: | 53718 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 29 2012 12:00AM |
| Updated: | May 29 2012 12:00AM |
| Credit: | r@b13$ |
| Vulnerable: |
SCLogic SCLIntra Enterprise 5.5.2 |
| Not Vulnerable: |
SCLogic SCLIntra Enterprise 6 |
Discussion
SCLIntra Enterprise Multiple SQL Injection and Authentication Bypass Vulnerabilities
SCLIntra Enterprise is prone to multiple SQL-injection vulnerabilities and an authentication-bypass vulnerability.
An attacker can exploit these issues to bypass certain security restrictions, perform unauthorized actions, modify the logic of SQL queries, compromise the software, retrieve information, or modify data; other consequences are possible as well.
SCLIntra Enterprise 5.5.2 is vulnerable; other versions may also be affected.
SCLIntra Enterprise is prone to multiple SQL-injection vulnerabilities and an authentication-bypass vulnerability.
An attacker can exploit these issues to bypass certain security restrictions, perform unauthorized actions, modify the logic of SQL queries, compromise the software, retrieve information, or modify data; other consequences are possible as well.
SCLIntra Enterprise 5.5.2 is vulnerable; other versions may also be affected.
Exploit / POC
SCLIntra Enterprise Multiple SQL Injection and Authentication Bypass Vulnerabilities
Attackers can exploit these issues with a browser.
Attackers can exploit these issues with a browser.
Solution / Fix
SCLIntra Enterprise Multiple SQL Injection and Authentication Bypass Vulnerabilities
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
SCLIntra Enterprise Multiple SQL Injection and Authentication Bypass Vulnerabilities
References:
References:
- SCLogic Homepage (SCLogic)
- DDIVRT-2012-43 SCLIntra Enterprise SQL Injection and Authentication Bypass (Digital Defense)