Published: 2005/10/21  Last Updated: 2008/05/21

JVN#59130192
eBASEweb SQL injection vulnerability

Overview

eBASEweb, an optional product in the eBASE series data management software from eBASE Co., Ltd., contains an SQL injection vulnerability as it does not completely sanitize user input data.

Products Affected

  • eBASEweb version 3.0

Description

Impact

A remote attacker could alter database content or steal data.

Solution

Update the Software
Apply the latest updates provided by the vendor.

Vendor Status

Vendor            Status       Last Update   Vendor Notes
eBASE Co., LTD.   Vulnerable   2005/10/21

References

JPCERT/CC Addendum

eBASE Co., Ltd. has fixed this product and advised customers who have deployed it to apply workarounds to address this vulnerability.
This vulnerability was reported in version 3.0 released before September 2005.
Versions released after September 2005 do not contain this vulnerability.

Credit

Masashi Fujiwara reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under the Information Security Early Warning Partnership.

Other Information

JVN iPedia JVNDB-2005-000792

Update History