[Japanese]

JVNDB-2011-000003

Aipo vulnerable to SQL injection

Overview

Aipo contains SQL injection vulnerability.

Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a SQL injection vulnerability.
CVSS Severity (What is CVSS?)

Base Metrics: 4.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single Instance
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None

Affected Products


Aimluck,Inc
  • Aipo Version 5.1 and earlier
  • Aipo ASP Version 5.1 and earlier

Impact

Contents that are managed by Aipo may be viewed by a user that can login to Aipo.
Solution

[Update the Software]
Update to the latest version according to the information provided by the developer.

This issue has been resolved in Aipo Version 5.1.0.1.
Vendor Information

Aimluck,Inc
CWE (What is CWE?)

  1. SQL Injection(CWE-89) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2010-3924
References

  1. JVN : JVN#50704770
  2. National Vulnerability Database (NVD) : CVE-2010-3924
  3. Secunia Advisory : SA42860
  4. SecurityFocus : 45755
Revision History

[2010/01/13]
  Web page published