SSCHADV2011-039 - Meditate Web Content Editor 'username_input' SQL-Injection vulnerability
|
Advisory:
|
Meditate Web Content Editor ‘username_input’ SQL-Injection vulnerability
|
|
Advisory ID:
|
SSCHADV2011-039
|
|
Author:
|
Stefan Schurtz
|
|
Affected Software:
|
Successfully tested on Meditate 1.2
|
|
Vendor URL:
|
|
|
Vendor Status:
|
fixed
|
|
EDB-ID:
|
18202
|
======================
Vulnerability Description:
======================
Vulnerability Description:
======================
Meditate Web Content Editor is prone to a SQL-Injection vulnerability
==============
PoC-Exploit
==============
PoC-Exploit
==============
|
http://<target>/meditate_2.0/index.php?page=login_submit -> POST-Parameter ‘username_input=[sql-injection]’
|
=====
Solution
=====
Upgrade to version 1.2.1
================
Disclosure Timeline
================
30-Nov-2011 – Secunia SVCRP (vuln@secunia.com)
02-Dec-2011 – fixed by vendor
05-Dec-2011 – release date of this security advisory
05-Dec-2011 – release date of this security advisory
05-Dec-2011 – post on BugTraq
====
Credits
====
Vulnerability found and advisory written by Stefan Schurtz.
=======
References
=======
Trackbacks
No Trackbacks
Comments
Display comments as Linear | Threaded