Disk Pool Manager Multiple SQL Injection Vulnerabilities
BID:58416
Info
| Bugtraq ID: | 58416 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 05 2013 12:00AM |
| Updated: | Mar 05 2013 12:00AM |
| Credit: | Adam Zabrocki |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Disk Pool Manager (DPM) is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query.
Exploiting these issues allows an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
DPM 1.8.5 and prior versions are vulnerable.
Exploit / POC
An attacker can use a browser to exploit these issues.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References