Jan 13, 2015 - 12:00 a.m.

PT-2015-01: SQL Injection in Solar-Log WEB

Positive Technologies
www.ptsecurity.com

Vulnerable software

Solar-Log WEB

Link:
http://www.solar-log.com/

Severity level

Severity level: High
Impact: SQL Injection
Access Vector: Remote

CVSS v2:
Base Score: 7.5
Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE: not assigned

Software description

Solar-Log WEB is a web-based monitoring application that allows installers, portal operators and service providers to manage and monitor installed systems remotely.

Vulnerability description

The specialists of the Positive Research center have detected an SQL injection vulnerability in Solar-Log WEB.

The SQL injection vulnerability allows remote attackers to execute arbitrary SQL commands via a specially crafted request.

How to fix

Update your software to the latest version.

Advisory status

12.01.2015 - Vendor gets vulnerability details
13.01.2015 - Vendor releases fixed version and details
13.02.2015 - Public disclosure

Credits

The vulnerability was detected by Sergey Gordeychik, Positive Research Center (Positive Technologies Company)

References

<http://en.securitylab.ru/lab/PT-2015-01>

Reports on the vulnerabilities previously discovered by Positive Research:

<http://www.ptsecurity.com/research/advisory/>
<http://en.securitylab.ru/lab/>