vendor:
Voxlog Professional
by:
SecurityFocus
7,5
CVSS
HIGH
File Disclosure and SQL Injection
89, 564
CWE
Product Name: Voxlog Professional
Affected Version From: 3.7.2.729
Affected Version To: 3.7.0.633
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012
VOXTRONIC Voxlog Professional Multiple Vulnerabilities
VOXTRONIC Voxlog Professional is prone to a file-disclosure vulnerability and multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input. An remote attacker can exploit these issues to obtain potentially sensitive information from local files on computers running the vulnerable application, or modify the logic of SQL queries. A successful exploit may allow the attacker to compromise the software, retrieve information, or modify data; These may aid in further attacks.
Mitigation:
Input validation should be used to ensure that untrusted data is not allowed to enter the system.
