{"id":16540,"date":"2021-07-07T13:01:46","date_gmt":"2021-07-07T11:01:46","guid":{"rendered":"https:\/\/herolab-usd.formwandler.rocks\/security-advisories\/usd-2018-0003\/"},"modified":"2021-07-19T14:07:05","modified_gmt":"2021-07-19T12:07:05","slug":"usd-2018-0003","status":"publish","type":"page","link":"https:\/\/herolab.usd.de\/en\/security-advisories\/usd-2018-0003\/","title":{"rendered":"usd-2018-0003"},"content":{"rendered":"<p>[et_pb_section fb_built=\"1\" _builder_version=\"4.9.4\" _module_preset=\"default\" background_color=\"#2E353D\" custom_padding=\"||0px|||\"][et_pb_row _builder_version=\"4.9.4\" _module_preset=\"default\"][et_pb_column type=\"4_4\" _builder_version=\"4.9.4\" _module_preset=\"default\"][et_pb_text _builder_version=\"4.9.4\" _module_preset=\"cc5ac6f4-ebbd-4b3f-bc92-4dfc1f15fe2c\" hover_enabled=\"0\" sticky_enabled=\"0\"]<\/p>\n<h1 class=\"h-custom-headline usd-small-letters h2\"><span>usd-2018-0003 | Starface\/6.4.3.34<\/span><\/h1>\n<p><span><\/span><br \/><strong>Advisory ID<\/strong><span>: usd-2018-0003<\/span><br \/><strong>Affected Version<\/strong><span>: 6.4.3.34<\/span><br \/><strong>Vulnerability Type<\/strong><span>: SQL Injection<\/span><br \/><strong>Security Risk<\/strong><span>: high<\/span><br \/><strong>Vendor URL<\/strong><span>: <\/span><a href=\"https:\/\/www.starface.com\/\" target=\"_blank\" rel=\"noopener\">https:\/\/www.starface.com\/<\/a><br \/><strong>Vendor Status<\/strong><span>: Not fixed<\/span><br \/><strong>Advisory Status<\/strong><span>: Partial disclosure<\/span><\/p>\n<h3><\/h3>\n<h3>Description<\/h3>\n<p><span>A SQL injection attack consists of insertion or \u201einjection\u201c of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert\/Update\/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.<\/span><\/p>\n<p><span><\/span><\/p>\n<h3>Proof of Concept (PoC)<\/h3>\n<p>The parameter \u201aphoneCallerIdSettingsForm.callerIdSettings%5B0%5D.callerIdValue\u2018 of the request to \/config\/phone\/callerids\/save.do is vulnerable to an SQL injection.<\/p>\n<p>=&gt; PoC will be published when all issues are fixed.<\/p>\n<h3><\/h3>\n<h3>Fix<\/h3>\n<p><span>Make sure to use prepared Statement for each database which contains user supplied input.<\/span><\/p>\n<h3><\/h3>\n<h3>Timeline<\/h3>\n<ul>\n<li>2018-06-06 First published<\/li>\n<\/ul>\n<p><span><\/span><\/p>\n<h3>Credits<\/h3>\n<p><span>The security vulnerabilities were found by Sebastian Puttkammer of usd AG.<\/span><\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>usd-2018-0003 | Starface\/6.4.3.34 Advisory ID: usd-2018-0003Affected Version: 6.4.3.34Vulnerability Type: SQL InjectionSecurity Risk: highVendor URL: https:\/\/www.starface.com\/Vendor Status: Not fixedAdvisory Status: Partial disclosure Description A SQL injection attack consists of insertion or \u201einjection\u201c of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from [&hellip;]<\/p>\n","protected":false},"author":96,"featured_media":0,"parent":16124,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"class_list":["post-16540","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16540","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/comments?post=16540"}],"version-history":[{"count":0,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16540\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16124"}],"wp:attachment":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/media?parent=16540"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}