Vulnerability: Blind SQL injection.

Post by nidhinca » Wed Nov 15, 2017 3:41 am

There is a critical vulnerability discovered on the Predictive Dialer Application by scanning Qualys.Express.

http://10.10.99.1/agc.new/astguiclient.php
http://10.10.99.1/

Issue: Blind SQL injection. This gives access to the back-end database of the application.

Installation details:

Centos 6.5 64Bit

Astguiclient:

Version: 2.10-401a

Build: 630508-2256


Kindly also let us know the root cause of this and fix this issue.
nidhinca
 
Posts: 6
Joined: Mon Jul 29, 2013 6:42 am

Re: Vulnerability: Blind SQL injection.

Post by mflorell » Wed Nov 15, 2017 6:04 am

That version is years old and we have patched many security holes since then. I would suggest upgrading to the latest svn/trunk version if you want a secure system.
mflorell
Site Admin
 
Posts: 18335
Joined: Wed Jun 07, 2006 2:45 pm
Location: Florida

Re: Vulnerability: Blind SQL injection.

Post by nidhinca » Tue Dec 19, 2017 8:21 am

Thanks for the reply. As we have done multiple customizations on the existing server, we will not be able to change the version.
nidhinca
 
Posts: 6
Joined: Mon Jul 29, 2013 6:42 am
