GA's Forum Light archive.asp Multiple Variable SQL Injection

2006-02-07T10:41:48
ID OSVDB:23509
Type osvdb
Reporter OSVDB
Modified 2006-02-07T10:41:48

Description

Vulnerability Description

GA's Forum Light has been reported to contain an SQL injection issue in the archive.asp script. Subsequent testing by SecurityTracker after the vendor disputed the issue indicates the software uses flat files to store data, not a backend database. Therefore, the SQL injection report is incorrect and was likely diagnosed due to a vbscript parsing error.

Solution Description

The vulnerability reported is incorrect. No solution required.

Short Description

GA's Forum Light has been reported to contain an SQL injection issue in the archive.asp script. Subsequent testing by SecurityTracker after the vendor disputed the issue indicates the software uses flat files to store data, not a backend database. Therefore, the SQL injection report is incorrect and was likely diagnosed due to a vbscript parsing error.

References:

Vendor URL: http://www.gurgensvbstuff.com/index.php?ID=22 Security Tracker: 1015600 Mail List Post: http://attrition.org/pipermail/vim/2006-February/000561.html CVE-2006-0669 Bugtraq ID: 16563