Novell ZENworks Asset Management docfiledownload Remote SQL Injection Vulnerability

ID ZDI-10-003
Type zdi
Reporter Anonymous
Modified 2010-11-09T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Asset Management. Authentication is not required to exploit this vulnerability.

The specific flaw exists due to insufficient sanity checks on the documentID parameter to the docfiledownload component. A carefully crafted parameter can result in direct SQL access to the underlying SQL Server database which can be further leveraged by an attacker to potentially execute arbitrary code.