SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Forum/Board/Portal)  >   Cilem Haber
Vendors:   cilem.net
Cilem Haber Unspecified Input Validation Bug Permits SQL Injection
SecurityTracker Alert ID:  1015677
SecurityTracker URL:  http://securitytracker.com/id/1015677
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Feb 25 2006
Impact:   Disclosure of system information, Disclosure of user information, User access via network

Version(s): 1.1 and prior versions
Description:   A vulnerability was reported in Cilem Haber. A remote user can inject SQL commands.

The software does not properly validate user-supplied input. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.

The affected scripts and parameters were not specified in the report.

The vendor was notified on February 23, 2006.

Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI reported this vulnerability.

Impact:   A remote user can execute SQL commands on the underlying database.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.cilem.net/
Cause:   Input validation error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Advisory: CilemNews System <= 1.1 Remote SQL Injection

--Security Report--
Advisory: CilemNews System <= 1.1 Remote SQL Injection Vulnerability
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 23/02/06 08:36 PM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx@nukedx.com
Web: http://www.nukedx.com
}
---
Vendor: Cilem (www.cilem.net)
Version: 1.1 and prior versions must be affected.
About: Via this method a remote attacker can inject an arbitrary SQL query.
Level: Critical
---
How&Example:
Not available at this time.
--
Timeline:
* 23/02/2006: Vulnerability found.
* 23/02/2006: Contacted the vendor and waiting for a reply.
--
Exploit: Not available at this time.

 
 



Copyright 2020, SecurityGlobal.net LLC