Cilem Haber Unspecified Input Validation Bug Permits SQL Injection
|
|
SecurityTracker Alert ID: 1015677
|
|
SecurityTracker URL: http://securitytracker.com/id?1015677
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Feb 25 2006
|
Impact: Disclosure of system information, Disclosure of user information, User access via network
|
Version(s): 1.1 and prior version
|
Description: A vulnerability was reported in Cilem Haber. A remote user can inject SQL commands.
The software does not properly validate user-supplied input. A remote user can supply a specially crafted parameter value to execute
SQL commands on the underlying database.
The affected scripts and parameters were not specified in the report.
The vendor
was notified on February 23, 2006.
Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI reported this vulnerability.
|
Impact: A remote user can execute SQL commands on the underlying database.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.cilem.net/ (Links to External Site)
|
Cause: Input validation error
|
Underlying OS: Windows (Any)
|
Reported By: nukedx@nukedx.com
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 24 Feb 2006 18:16:48 +0200
From: nukedx@nukedx.com
Subject: Advisory: CilemNews System <= 1.1 Remote SQL Injection
|
--Security Report--
Advisory: CilemNews System <= 1.1 Remote SQL Injection Vulnerability
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 23/02/06 08:36 PM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx@nukedx.com
Web: http://www.nukedx.com
---
Vendor: Cilem (www.cilem.net)
Version: 1.1 and prior versions must be affected.
About: Via this method remote attacker can inject arbitrary SQL query.
Level: Critical
---
How&Example:
Not available at this time.
--
Timeline:
* 23/02/2006: Vulnerability found.
* 23/02/2006: Contacted with vendor and waiting reply.
--
Exploit: Not available at this time.
|
|
