PT-2002-1889 · Logisense · Hawk-I Billing

Published: 2002-08-31 · Updated: 2008-09-05 · CVE-2002-0878

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: LogiSense software, including Hawk-i Billing, Hawk-i ASP and DNS Manager (affected versions not specified for any of these products).

Description: A SQL injection issue in the login form allows remote attackers to bypass authentication by supplying SQL code in the password field.

Recommendations: For Hawk-i Billing, Hawk-i ASP and DNS Manager, update to a version that fixes the SQL injection issue in the login form. As a temporary workaround, consider restricting access to the login form to minimize the risk of exploitation. Avoid using SQL code in the password field in the affected login form until the issue is resolved.

Fix

Related Identifiers

CVE-2002-0878

Affected Products

Dns Manager
Hawk-I Asp
Hawk-I Billing
Logisense