‘Free Simple Software’: SQL Injection Vulnerability

Users of ‘Free Simple Software’, please be advised that a SQL Injection vulnerability has been identified.
To view this vulnerability, possible remedies, and other advisories, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

Free Simple Software-SA-11/21/2010: ‘Free Simple Software’ SQL Injection Vulnerability (CVE-2010-4298)
DESCRIPTION
-------------
A vulnerability exists in the ‘Free Simple Software’ download module that allows a ‘UNION SELECT’ injection to easily expose the application administrator’s plaintext password.

Read more at http://www.criticalwatch.com
