Gravity Board X login Field SQL Injection

2005-08-07T08:55:27
ID OSVDB:18625
Type osvdb
Reporter rgod(retrogod@aliceposta.it)
Modified 2005-08-07T08:55:27

Description

Vulnerability Description

Gravity Board X contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'login' field not properly sanitizing user-supplied input. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Gravity Board X contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'login' field not properly sanitizing user-supplied input. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.

References:

Vendor URL: http://www.gravityboardx.com/ Security Tracker: 1014631 Secunia Advisory ID:16342 Related OSVDB ID: 18626 Related OSVDB ID: 18627 Related OSVDB ID: 18628 Related OSVDB ID: 18632 Related OSVDB ID: 18629 Related OSVDB ID: 18631 Related OSVDB ID: 18633 Related OSVDB ID: 18630 Related OSVDB ID: 18634 Related OSVDB ID: 18635 Other Advisory URL: http://www.rgod.altervista.org/gravity.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0100.html ISS X-Force ID: 21740 CVE-2005-2562 Bugtraq ID: 14497