ASPRunner Multiple Unspecified SQL Injections

2004-07-26T07:05:44
ID OSVDB:8251
Type osvdb
Reporter Ferruh Mavituna(ferruh@mavituna.com)
Modified 2004-07-26T07:05:44

Description

Vulnerability Description

ASPRunner contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that user-supplied input in all pages (except the login pages) are not verified properly and will allow a remote attacker to inject or manipulate SQL queries. No further details have been provided.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

ASPRunner contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that user-supplied input in all pages (except the login pages) are not verified properly and will allow a remote attacker to inject or manipulate SQL queries. No further details have been provided.

References:

Vendor URL: http://www.xlinesoft.com/asprunner/ Security Tracker: 1010777 Secunia Advisory ID:12164 Related OSVDB ID: 8254 Related OSVDB ID: 8252 Related OSVDB ID: 8253 Other Advisory URL: http://ferruh.mavituna.com/article/?574 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0291.html ISS X-Force ID: 16799 CVE-2004-2057 Bugtraq ID: 10799