Published: 2006/07/06  Last Updated: 2008/05/21

JVN#73705637
ACollab SQL injection vulnerability

Overview

ACollab is open-source, web-based groupware that is also available as an add-on for the e-learning content management system ATutor. ACollab contains a SQL injection vulnerability.

Products Affected

  • ACollab 1.2 and earlier
Development and maintenance of ACollab ended with version 1.2 as of July 6, 2006. However, ATutor 1.5.3 includes almost the same functionality as ACollab. Users of ACollab are advised to switch to ATutor 1.5.3.

Description

Impact

A remote attacker could modify the database contents or steal data. An attacker could also bypass authentication and impersonate a user.

Solution

References

JPCERT/CC Addendum

Credit

Daiki Fukumori of Secure Sky Technology, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under the Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2006-000631

Update History