Published:2005/10/21 Last Updated:2008/05/21
JVN#59130192
eBASEweb SQL injection vulnerability
Overview
eBASEweb, an optional product in the eBASE series data management software from eBASE Co., Ltd., contains an SQL injection vulnerability as it does not completely sanitize user input data.
Products Affected
- eBASEweb version 3.0
Description
Impact
A remote attacker could alter database content or steal data.
Solution
Update the Software
Apply the latest updates provided by the vendor.
References
JPCERT/CC Addendum
eBASE Co., Ltd. has fixed this product and advised customers who have introduced this product to apply workarounds to address this vulnerability.This vulnerability was reported in version 3.0 released before September 2005.
The versions released after September 2005 does not contain this vulnerability issue.
Credit
Masashi Fujiwara reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia |
JVNDB-2005-000792 |