Published:2006/02/03  Last Updated:2008/05/21

JVN#41550845
Nagasaki Electronic Prefectural Office System SQL injection vulnerability

Overview

Nagasaki Prefectural Government has developed an open source electronic prefectural office system. The system contains SQL injection vulnerabilities.

Products Affected

  • Nagasaki Electronic Prefectural Office System's annual leave management system
  • Nagasaki Electronic Prefectural Office System's staff directry system
  • Nagasaki Electronic Prefectural Office System's document management system

Description

Impact

A remote attacker may view or modify the database contents.

Solution

Vendor Status

Vendor Link
Nagasaki Electronic Prefectural Office System Open Source Toppage

References

JPCERT/CC Addendum

Credit

Hiromitsu Takagi of Research Center for Information Security (RCIS) National Institute of Advanced Industrial Science and Technology (AIST), Japan reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2006-000604

Update History