PT-2009-5914 · Frontrange · Frontrange Heat
Published
2009-10-09
·
Updated
2009-10-12
·
CVE-2009-3642
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
FrontRange HEAT version 8.01
Description
The issue concerns SQL injection vulnerabilities in the Call Logging feature. These vulnerabilities allow remote attackers to execute arbitrary SQL commands by manipulating the
username and password parameters.Recommendations
For FrontRange HEAT version 8.01, consider restricting access to the Call Logging feature until a patch is available, and avoid using the
username and password parameters in a way that could facilitate SQL injection attacks.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Frontrange Heat