Security advisory: KnowledgeTree login.php Blind SQL Injection

From KnowledgeTree Community

Description

The KnowledgeTree login page is vulnerable to blind SQL injection through the username field. An attacker can leverage this flaw to execute arbitrary SQL commands and extract sensitive information from the backend database using standard blind SQL exploitation techniques. Additionally, an attacker may be able to leverage this flaw to compromise the database server host OS.
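
The class of flaw described above, shown as an added illustration that is not KnowledgeTree's code and not taken from User.inc: a username lookup built by string concatenation beside the same lookup with a bound parameter. The table, function names and sample inputs are constructed for this example, and SQLite stands in for the product's database.

```python
import sqlite3

def make_db():
    """Constructed in-memory stand-in for a users table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    db.execute("INSERT INTO users (username) VALUES ('admin')")
    return db

def lookup_concatenated(db, username):
    """Vulnerable pattern: the username becomes part of the SQL text."""
    sql = "SELECT id FROM users WHERE username = '" + username + "'"
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error:
        return None  # the input broke the statement's syntax

def lookup_parameterized(db, username):
    """Hardened pattern: the driver binds the username as a value."""
    return db.execute(
        "SELECT id FROM users WHERE username = ?", (username,)
    ).fetchall()

def login_page_result(rows):
    """All a login page reveals: whether some user row matched."""
    return "user found" if rows else "login failed"

def check(username):
    """Return (concatenated result, parameterized result) for one input."""
    db = make_db()
    return (
        login_page_result(lookup_concatenated(db, username)),
        login_page_result(lookup_parameterized(db, username)),
    )

if __name__ == "__main__":
    # Constructed inputs: a real user, then two values carrying a condition.
    for name in ("admin", "x' OR '1'='1", "x' OR '1'='2", "o'brien"):
        print(repr(name), check(name))
```

With concatenation, the page's answer follows the truth of the condition carried in the username, which is the yes/no signal blind injection depends on; with the bound parameter both inputs are only non-matching usernames.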

Thanks to sxkeebler of Digital Defense, Inc. for reporting the issue.

Affected Installations

3.7.0.2 Commercial and Community Editions


Severity

CRITICAL


How to resolve this issue

To resolve this issue, please perform the following steps:

1) Locate and back up the following file:
<KnowledgeTree Directory>/lib/users/User.inc
2) Replace the file with the version available in the zip file here:

User.zip


Note To All KnowledgeTree Live and Software as a Service Customers

No action required by you.
