SQL Injection Vulnerability in IBM Informix Web DataBlade 4.12
CVE-2002-0555

Currently unrated

Key Information:

Vendor: IBM
Status: Informix Web Datablade
Vendor: CVE Published:; 3 July 2002

Summary

The IBM Informix Web DataBlade 4.12 contains a vulnerability that allows for SQL injection due to improper handling of user input. Specifically, the product fails to adequately escape input, allowing remote attackers to inject and execute SQL code through web forms. This occurs even when developers have implemented escaping measures, creating a significant security risk for applications using this product.

References

http://www.securityfocus.com/bid/4498

vdb-entryx_refsource_BID

http://archives.neohapsis.com/archives/bugtraq/2002-04/01...

mailing-listx_refsource_BUGTRAQ

http://www.iss.net/security_center/static/8827.php

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jul 3, 2002
Vulnerability Reserved
Jun 7, 2002