SQL Injection Vulnerability in Citrix XenCenterWeb
CVE-2009-3758

Currently unrated

Key Information:

Vendor: Citrix
Status: Xencenterweb
Vendor: CVE Published:; 22 October 2009

Summary

An SQL injection vulnerability exists in the login.php file of the sample code provided within the XenServer Resource Kit for Citrix XenCenterWeb. This flaw allows remote attackers to manipulate the username parameter in the login process to execute arbitrary SQL commands on the database backend. Exploiting this vulnerability could lead to unauthorized access, data leakage, and potential compromise of systems relying on XenCenterWeb.

References

http://www.securityfocus.com/archive/1/504764

mailing-listx_refsource_BUGTRAQ

http://www.vupen.com/english/advisories/2009/1814

vdb-entryx_refsource_VUPEN

http://securenetwork.it/ricerca/advisory/download/SN-2009...

x_refsource_MISC

Timeline

Vulnerability published
Oct 22, 2009
Vulnerability Reserved
Oct 22, 2009