|
Family: CGI abuses --> Category: attack
DevTrack Web Service UserName SQL Injection Vulnerability Vulnerability Scan
Vulnerability Scan Summary Tries to generate a SQL error using DevTrack Web Service
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains an ASP application that is affected by
a SQL injection vulnerability.
Description :
The remote host is running DevTrack, a defect and project tracking
tool.
The DevTrack Web Services component installed on the remote host
contains an ASP script that fails to sanitize user-supplied input to
the 'UserName' parameter before using it in a database query. An
unauthenticated remote attacker may be able to leverage this flaw to
manipulate SQL queries and uncover sensitive information, modify data,
or even launch attacks against the underlying database.
Solution :
The vendor is rumoured to be incorporating a fix into DevTrack version
6.2.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|