LogiSense multiple application login form SQL injection

logisense-sql-injection (9268) The risk level is classified as MediumMedium Risk

Description:

The LogiSense DNS Manager System, Hawk-i Billing, and Hawk-i ASP are vulnerable to SQL injection in the ASP-based login forms. A remote attacker could insert malicious characters in the password field to modify SQL queries and gain unauthorized access to the program.


Consequences:

Gain Access

Remedy:

Install the latest version of the software, or apply the the latest SQL injection patch. Hawk-i 4.x and Hawk-i 5.x users may download the SQL injection patch from the Hawk-i ISP Billing support page. See References.

References:

Platforms Affected:

  • LogiSense LogiSense DNS Manager System
  • LogiSense LogiSense Hawk-i ASP
  • LogiSense LogiSense Hawk-i Billing

Reported:

Jun 04, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page