Info
Last Modified: 6 months ago

Description
Cool Messenger Server and Cool Manager contain a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to Cool_CoolID.exe not properly sanitizing user-supplied input to the 'username' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Classification
Location: Remote/Network Access Required
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution
Upgrade to Cool Manager version 5.0 (5,60,90,28) or Cool Messenger Office/School Server version 5.5 (5,65,12,13) or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products
Cool Manager: 5.0 (5,60,90,27)
Cool Messenger Office: 5.5 (5,65,12,12)
School Server: 5.5 (5,65,12,12)

Credit
- Tan Chew Keong - chewkeong
vuln.sg - Vuln.sg