PT-2009-5823 · Logrover · Logrover
Published
2009-10-02
·
Updated
2018-10-10
·
CVE-2009-3532
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
LogRover versions 2.3 through 2.3.3
Description
The issue concerns SQL injection vulnerabilities in the login screen, specifically in the login.asp file. Remote attackers can execute arbitrary SQL commands by manipulating the
uname and pword parameters.Recommendations
For LogRover versions 2.3 through 2.3.3, consider restricting access to the login.asp file until a fix is available, and avoid using the
uname and pword parameters in the login screen to minimize the risk of exploitation.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Logrover