HP Data Protector Multiple Products RequestCopy SQL Injection (CVE-2011-3158)

An SQL injection vulnerability has been reported in multiple HP Data Protector products...

CVE-2011-3158

HP Data Protector Notebook Extension contains a remote SQL injection in the dpnepolicyservice component (RequestCopy) exposed on TCP port 80. Unauthenticated attackers can craft a RequestCopy with a malicious type, causing the service to construct and execute arbitrary SQL queries under the servi...