PT-2011-1943 · Brightsuite · Brightsuite Groupware

L0Rd Crusad3R

Publicado

2011-11-02

Atualizado

2012-02-14

CVE-2010-5008

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions BrightSuite Groupware version 5.4

Description A SQL injection issue allows remote attackers to execute arbitrary SQL commands. The issue is exploited via the ContactID parameter in the "pages/contact list mail form.asp" page.

Recommendations For BrightSuite Groupware version 5.4, update the software to a version that fixes this issue, or as a temporary workaround, consider restricting access to the "pages/contact list mail form.asp" page to minimize the risk of exploitation. Avoid using the ContactID parameter in the affected page until the issue is resolved.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2010-5008

Produtos afetados

Brightsuite Groupware

PT-2011-1943 · Brightsuite · Brightsuite Groupware

CVE-2010-5008

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7