header-logo
Suggest Exploit
vendor:
RJ-iTop Network Vulnerability Scanner System
by:
N/A
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: RJ-iTop Network Vulnerability Scanner System
Affected Version From: v3.0.7.x
Affected Version To: v3.0.7.x
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities

Multiple SQL Injection Vulnerabilities has been found in DRJ-iTop Network Vulnerability Scanner System, which can be exploited by malicious users to conduct SQL injection and script insertion attacks. Authentication is required to exploit these vulnerabilities.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities



Vulnerable: v3.0.7.x

Vendor:  www.rj-itop.com<http://www.rj-itop.com>

Category: Input Validation Error

Impact:   SQL injection



Details:

=========

Multiple SQL Injection Vulnerabilities has been found in DRJ-iTop Network Vulnerability Scanner System&#65292; which can be exploited by malicious users to conduct SQL injection and script insertion attacks.

Authentication is required to exploit these vulnerabilities.



POC:

=========

https://8.8.8.8/roleManager.jsp?type=query&id= [SQL Injection]





Timeline:

========

2009.10.19   Report to vendor (but vender did not respond)

2009.11.15   Report to vendor second times

2009.11.19   Report to CNNVD

2010.04.13   Public

Navigation

Suggest Exploit

Services By CQR