Test Kennung:	1.3.6.1.4.1.25623.1.0.806069
Kategorie:	Web application abuses
Titel:	Open-Xchange (OX) App Suite SQL Injection Vulnerability (Oct 2015)
Zusammenfassung:	Open-Xchange (OX) App Suite is prone to an SQL injection (SQLi) vulnerability.
Beschreibung:	Summary: Open-Xchange (OX) App Suite is prone to an SQL injection (SQLi) vulnerability. Vulnerability Insight: The flaw is due to 'ExtractValue' function allows execution of arbitrary SQL code by passing it through MySQLs XPath interpreter. Vulnerability Impact: Successful exploitation will allow remote authenticated users to execute arbitrary SQL commands via a crafted 'jslob API call'. Affected Software/OS: Open-Xchange (OX) App Suite versions before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23. Solution: Update to version 7.4.2-rev36 or 7.6.0-rev23 or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-7871 BugTraq ID: 70982 http://www.securityfocus.com/bid/70982 Bugtraq: 20141107 Open-Xchange Security Advisory 2014-11-07 (Google Search) http://www.securityfocus.com/archive/1/533936/100/0/threaded http://packetstormsecurity.com/files/129020/OX-App-Suite-7.6.0-SQL-Injection.html XForce ISS Database: oxappsuite-cve20147871-sql-injection(98563) https://exchange.xforce.ibmcloud.com/vulnerabilities/98563
Copyright	Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.