SQL Injection Vulnerability in Citrix XenCenterWeb
CVE-2009-3758

Currently unrated

Key Information:

Vendor

Citrix
Status
Xencenterweb
Vendor
CVE Published:
22 October 2009

What is CVE-2009-3758?

An SQL injection vulnerability exists in the login.php file of the sample code provided within the XenServer Resource Kit for Citrix XenCenterWeb. This flaw allows remote attackers to manipulate the username parameter in the login process to execute arbitrary SQL commands on the database backend. Exploiting this vulnerability could lead to unauthorized access, data leakage, and potential compromise of systems relying on XenCenterWeb.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/archive/1/504764
mailing-listx_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2009/1814
vdb-entryx_refsource_VUPEN
http://securenetwork.it/ricerca/advisory/download/SN-2009...
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.