JVNDB-2006-000631

ACollab SQL injection vulnerability

Overview

ACollab is open source web-based groupware, also available as an add-on for the e-learning content management system ATutor. ACollab contains a SQL injection vulnerability.
CVSS Severity

CVSS V2 Severity:
Base Metrics 7.5 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
Affected Products


ATRC
  • ACollab 1.2 and earlier

Impact

A remote attacker could modify the database contents or steal data. An attacker could also bypass authentication and impersonate a user.
Solution

Development and maintenance of ACollab finished with version 1.2 as of July 6, 2006. However, ATutor 1.5.3 includes almost the same functionality as ACollab. Users of ACollab are advised to switch to ATutor 1.5.3.
Vendor Information

ATRC
  • ACollab Accessible Collaboration Environment : Top Page
CWE

CVE

References

  1. JVN : JVN#73705637
Revision History

  • [2008/05/21]
      Web page published