Scout Portal Toolkit SPT--UserLogin.php Multiple Variable SQL Injection

2005-12-10T10:23:13
ID OSVDB:21626
Type osvdb
Reporter Preddy()
Modified 2005-12-10T10:23:13

Description

Vulnerability Description

Scout Portal Toolkit (SPT) contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the SPT--UserLogin.php script not properly sanitizing user-supplied input to the 'F_UserName' and 'F_Password' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.
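
The flaw class described above, as an added example (not Scout Portal Toolkit code; the `users` table, its columns and the function names are hypothetical, and PDO with the SQLite driver is assumed). It sets a concatenated login query beside a parameterized check that keeps `F_UserName` as bound data and compares `F_Password` against a stored hash outside SQL.

```php
<?php
// Added illustration: NOT Scout Portal Toolkit source. The table, columns and
// helper names are hypothetical; only the F_UserName / F_Password field names
// come from the advisory.

// Constructed in-memory database so the example runs offline.
function make_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO users (name, pw_hash) VALUES (?, ?)');
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Weak pattern of the kind the advisory describes: request values are pasted
// into the statement text, so a quote in either field changes its syntax.
// Only builds the string; it is never executed here.
function build_login_query_unsafe(array $post): string {
    return "SELECT name FROM users WHERE name = '" . $post['F_UserName'] .
           "' AND password = '" . $post['F_Password'] . "'";
}

// Hardened pattern: the user name is a bound parameter and the password never
// enters SQL at all; it is compared against the stored hash in PHP.
function check_login(PDO $db, array $post): bool {
    $user = $post['F_UserName'] ?? '';
    $pass = $post['F_Password'] ?? '';
    if (!is_string($user) || !is_string($pass)) {
        return false;               // reject array-valued form fields
    }
    $st = $db->prepare('SELECT pw_hash FROM users WHERE name = :name');
    $st->execute([':name' => $user]);
    $hash = $st->fetchColumn();     // false when no such user
    return is_string($hash) && password_verify($pass, $hash);
}

$db = make_demo_db();
// Constructed inputs: a valid login, then values containing a quote character.
$cases = [
    ['F_UserName' => 'alice',  'F_Password' => 'correct horse'],
    ['F_UserName' => "ali'ce", 'F_Password' => 'correct horse'],
    ['F_UserName' => 'alice',  'F_Password' => "pa'ss"],
];
foreach ($cases as $c) {
    echo build_login_query_unsafe($c), "\n  bound check: ",
         check_login($db, $c) ? 'accepted' : 'rejected', "\n";
}
```

In the printed concatenated statements the quote character ends the string literal early, while the bound check treats the same value as an ordinary (non-matching) name or password.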

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://scout.wisc.edu/Projects/SPT/
Secunia Advisory ID: 17979
Related OSVDB ID: 21624
Related OSVDB ID: 21628
Related OSVDB ID: 21629
Related OSVDB ID: 21636
Related OSVDB ID: 21625
Related OSVDB ID: 21627
Other Advisory URL: http://www.x-illusion.com/rs/Scout%20Portal%20Toolkit.txt