NatterChat Input Validation Hole Lets Remote Users Inject SQL Commands
|
|
SecurityTracker Alert ID: 1011692
|
|
SecurityTracker URL: http://securitytracker.com/id?1011692
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Oct 14 2004
|
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
|
Version(s): 1.12 Final
|
Description: An input validation vulnerability was reported in NatterChat. A remote user can inject SQL commands.
Positive Technologies reported that the software does not properly validate user-supplied input. A remote user can supply specially
crafted input to execute arbitrary SQL commands on the underlying database.
The vendor has been notified.
|
Impact: A remote user can execute arbitrary SQL commands on the underlying database.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: natterchat.co.uk/ (Links to External Site)
|
Cause: Input validation error
|
Underlying OS: Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 14 Oct 2004 16:10:05 -0400
Subject: http://www.natterchat.co.uk
|
Positive Technologies reported an input validation vulnerability in NatterChat. A
remote user can inject SQL commands.
Version: 1.12 Final
The vendor has been notified.
|
|
