SECURITYVULNS:DOC:22154
Jul 13, 2009

DDIVRT-2009-26 LogRover SQL Injection Authentication Bypass


Title

DDIVRT-2009-26 LogRover SQL Injection Authentication Bypass

Severity

Medium

Date Discovered

May 12, 2009

Discovered By

Digital Defense, Inc. Vulnerability Research Team
Credit: Geoff Humes and r@b13$

Vulnerability Description

The login screen of the LogRover web interface is vulnerable to SQL injection, which can allow remote attackers to log in to the system via an authentication bypass.

Solution Description

Limit access to the login page to internal networks and trusted users only.

Tested Systems / Software (with versions)

LogRover version 2.3 for Windows XP

Vendor Contact

Name: LogRover
Website: http://www.logrover.com/