Vice Stats vs_resource.php ID Variable SQL Injection

2006-06-07T05:49:05
ID OSVDB:26217
Type osvdb
Reporter OSVDB
Modified 2006-06-07T05:49:05

Description

Solution Description

Upgrade to version 1.0.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

/vs_resource.php?ID=[SQL]

References:

Vendor URL: http://www.arantius.com/topic/vice+stats Secunia Advisory ID:20512 Related OSVDB ID: 26218 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0038.html Mail List Post: http://attrition.org/pipermail/vim/2006-June/000848.html CVE-2006-2972 Bugtraq ID: 18317