Release DateMar 23, 2007 |
Severitymedium |
ImpactSystem compromise: SQL command injection. |
DescriptionThis indicates an attempt to exploit a SQL injection vulnerability in Links Management Application.The vulnerability can be exploited by sending a specially crafted HTTP request, with injected SQL statements in the "lcnt" parameter, to the "index.php" script. A remote attacker can exploit this to execute arbitrary SQL commands on the back end database. |
Affected ProductsLinks Management Application version 1.0 and prior. |
Recommended ActionsCurrently we are not aware of any vendor supplied fix for this issue. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2007-1339 |
Reference/shttp://www.securityfocus.com/bid/22825 (BugTraq) |
