1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Home
  2. Security
  3. Security Lab
  4. Latest Threats
  5. Vulnerability Descriptions
  6. SA32893

Ocean12 Membership Manager Pro Multiple SQL Injection Vulnerabilities

Report ID: SA32893
Source: Secunia
Date of Discovery: 28.11.2008
Criticality: Moderate
Affects:
Ocean12 Membership Manager Pro 1.x
Compromise From: From remote
Compromise Type: Security bypass
Manipulation of data

Summary

Some vulnerabilities have been reported in Ocean12 Membership Manager Pro, which can be exploited by malicious people to conduct SQL injection attacks.

Detailed Description

Some vulnerabilities have been reported in Ocean12 Membership Manager Pro, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "Username" and "Password" parameters in login.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution

Edit the source code to ensure that input is properly sanitised.