Web application abuses : Linknat VOS3000/2009 SQL Injection Vulnerability

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.106085

Category: Web application abuses

Title: Linknat VOS3000/2009 SQL Injection Vulnerability

Summary: Linknat VOS3000/2009 is prone to an SQL Injection vulnerability

Description: Summary:
Linknat VOS3000/2009 is prone to an SQL Injection vulnerability

Vulnerability Insight:
A time-based blind SQL-Injection has been found in the login page.
Results can be gathered from the output of welcome.jsp during the same session.

Vulnerability Impact:
A remote attacker can gain access to the underlying database and
manipulate it with DBA privileges.

Affected Software/OS:
Version 2.1.1.5, 2.1.1.8 and 2.1.2.0

Solution:
Upgrade to version 2.1.2.4 or later

CVSS Score:
9.4

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:N

Copyright Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.106085
Category:	Web application abuses
Title:	Linknat VOS3000/2009 SQL Injection Vulnerability
Summary:	Linknat VOS3000/2009 is prone to an SQL Injection vulnerability
Description:	Summary: Linknat VOS3000/2009 is prone to an SQL Injection vulnerability Vulnerability Insight: A time-based blind SQL-Injection has been found in the login page. Results can be gathered from the output of welcome.jsp during the same session. Vulnerability Impact: A remote attacker can gain access to the underlying database and manipulate it with DBA privileges. Affected Software/OS: Version 2.1.1.5, 2.1.1.8 and 2.1.2.0 Solution: Upgrade to version 2.1.2.4 or later CVSS Score: 9.4 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Copyright	Copyright (C) 2016 Greenbone AG