Solar-Log WEB
Link:
http://www.solar-log.com/
Severity level: High
Impact: SQL Injection
Access Vector: Remote
CVSS v2:
Base Score: 7.5
Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE: not assigned
Solar-log WEB is a web-based monitoring application that allows installers, Portal operators and service providers to manage and monitor installed systems remotely.
The specialists of the Positive Research center have detected an SQL injection vulnerability in Solar-Log WEB.
SQL Injection vulnerability allows remote attackers to execute arbitrary SQL commands via a specially crafted request.
Update your sofware up to the latest version
12.01.2015 - Vendor gets vulnerability details
13.01.2015 - Vendor releases fixed version and details
13.02.2015 - Public disclosure
The vulnerability was detected by Sergey Gordeychik, Positive Research Center (Positive Technologies Company)
<http://en.securitylab.ru/lab/PT-2015-01>
Reports on the vulnerabilities previously discovered by Positive Research:
<http://www.ptsecurity.com/research/advisory/>
<http://en.securitylab.ru/lab/>