daloRADIUS Multiple Input Validation Vulnerabilities
BID:58531
Info
daloRADIUS Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 58531 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 15 2013 12:00AM |
| Updated: | Mar 15 2013 12:00AM |
| Credit: | Saadat Ullah |
| Vulnerable: |
Liran Tal Daloradius 0 |
| Not Vulnerable: | |
Discussion
daloRADIUS Multiple Input Validation Vulnerabilities
daloRADIUS is prone to the following input-validation vulnerabilities:
1. A cross-site request-forgery vulnerability
2. Multiple SQL-injection vulnerabilities
3. Multiple cross-site scripting vulnerabilities
Exploiting these issues could allow an attacker to perform certain unauthorized administrative actions, execute arbitrary code, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
daloRADIUS is prone to the following input-validation vulnerabilities:
1. A cross-site request-forgery vulnerability
2. Multiple SQL-injection vulnerabilities
3. Multiple cross-site scripting vulnerabilities
Exploiting these issues could allow an attacker to perform certain unauthorized administrative actions, execute arbitrary code, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Solution / Fix
daloRADIUS Multiple Input Validation Vulnerabilities
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].