Multiple SQL injection vulnerabilities in the Call Logging feature in FrontRange HEAT 8.01 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
References
Link | Resource |
---|---|
http://packetstormsecurity.org/0909-exploits/heat-sql.txt | Exploit |
http://secunia.com/advisories/36900 | Vendor Advisory |
http://packetstormsecurity.org/0909-exploits/heat-sql.txt | Exploit |
http://secunia.com/advisories/36900 | Vendor Advisory |
Configurations
History
21 Nov 2024, 01:07
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.org/0909-exploits/heat-sql.txt - Exploit | |
References | () http://secunia.com/advisories/36900 - Vendor Advisory |
Information
Published : 2009-10-09 14:30
Updated : 2025-04-09 00:30
NVD link : CVE-2009-3642
Mitre link : CVE-2009-3642
CVE.ORG link : CVE-2009-3642
JSON object : View
Products Affected
frontrange
- heat
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')