WebEOC Multiple Unspecified SQL Injections

2005-07-13T12:04:53
ID OSVDB:17870
Type osvdb
Reporter OSVDB
Modified 2005-07-13T12:04:53

Description

Vulnerability Description

WebEOC contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to multiple unspecified scripts not properly sanitizing user-supplied input. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. No further details have been provided.

Solution Description

Upgrade to version 6.0.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

WebEOC contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to multiple unspecified scripts not properly sanitizing user-supplied input. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. No further details have been provided.

References:

Vendor URL: http://www.esi911.com/esi/products/webeoc.shtml Secunia Advisory ID:16075 Related OSVDB ID: 17866 Related OSVDB ID: 17871 Related OSVDB ID: 17868 Related OSVDB ID: 17869 Related OSVDB ID: 17867 Related OSVDB ID: 17872 ISS X-Force ID: 21398 CVE-2005-2284 CERT VU: 372797