Summary
Raritan Power IQ SQL Injection Vulnerability
Impact
Successful exploitation allows an attacker to inject or manipulate SQL queries in the back-end database, leading to the manipulation or disclosure of arbitrary data.
Solution
Install the patch from Raritan at
https://www.raritan.com/support/product/poweriq/security-patches
Insight
Raritan Power IQ is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements to the /license/records script using the sort or dir parameter, allowing the attacker to view, add, modify or delete information in the back-end database.
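The following is an added example, not Raritan's code or patch: it shows a general way to handle sort and dir request parameters safely, assuming they end up in an ORDER BY clause, where bind parameters cannot be used for column names or direction keywords. The table, column names and function names are hypothetical, and the sample rows are constructed.

```python
import sqlite3

# Hypothetical column names; the page does not describe Power IQ's schema.
SORTABLE = {"id": "id", "feature": "feature", "expires": "expires_at"}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}

def order_clause_unsafe(sort, direction):
    # Vulnerable pattern: request text becomes part of the SQL statement.
    return f"ORDER BY {sort} {direction}"

def order_clause(sort=None, direction=None):
    """Translate untrusted sort/dir values into fixed SQL fragments."""
    sort_key = (sort or "id").strip().lower()
    dir_key = (direction or "asc").strip().lower()
    if sort_key not in SORTABLE or dir_key not in DIRECTIONS:
        # Reject instead of sanitising; the caller can log this and return HTTP 400.
        raise ValueError(f"unsupported sort/dir: {sort!r}/{direction!r}")
    return f"ORDER BY {SORTABLE[sort_key]} {DIRECTIONS[dir_key]}"

def list_records(conn, sort=None, direction=None, limit=50):
    # Only allow-listed fragments are interpolated; data values use bind parameters.
    sql = ("SELECT id, feature, expires_at FROM license_records "
           f"{order_clause(sort, direction)} LIMIT ?")
    return conn.execute(sql, (limit,)).fetchall()

def demo_db():
    # Constructed sample data for the example.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE license_records "
                 "(id INTEGER PRIMARY KEY, feature TEXT, expires_at TEXT)")
    conn.executemany("INSERT INTO license_records VALUES (?, ?, ?)",
                     [(1, "outlets", "2016-01-01"),
                      (2, "devices", "2015-06-30"),
                      (3, "sensors", "2017-03-15")])
    return conn

if __name__ == "__main__":
    conn = demo_db()
    print(list_records(conn, "expires", "desc"))
    for bad in ("id; SELECT 1", "expires_at"):
        try:
            list_records(conn, sort=bad)
        except ValueError as exc:
            print("rejected:", exc)
```

Rejected values are worth logging with the client address, since a legitimate UI only ever sends the allow-listed keys.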
Affected
Raritan Power IQ 4.2.2, 4.1.3 and below.
Detection
Perform a time-based blind SQL injection request.
References
Updated on 2015-03-25