WSN Links: SQL Injection Vulnerability

Users of WSN Links please be advised of a SQL Injection vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

WSN-SA-10/31/2010: ‘WSN Links’ SQL Injection Vulnerability
DESCRIPTION
—————————————
A vulnerability exists in the search.php code that allows for SQL injection of various parameters. By assembling
portions of SQL code between the affected parameters, successful SQL injection into the software can occur. In the
testing done, various ‘UNION SELECT’ SQL injections can occur. Read more at http://www.criticalwatch.com
 

Advertisements