
CERT Coordination Center

Parodia blind SQL injection vulnerability

Vulnerability Note VU#246310

Original Release Date: 2011-06-27 | Last Revised: 2011-06-27

Overview

The Parodia job board software contains a blind SQL injection vulnerability. Parodia 6.8 and earlier versions are reported to be affected.

Description

Parodia is an ASP-based job board application used for recruitment web sites. The Parodia software fails to properly sanitize input used to build SQL queries, which makes it vulnerable to a blind SQL injection attack.
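As an added illustration of the bug class in the advisory (not Parodia's code; the affected page, query and parameter are not public, so the `jobId` parameter, the `Jobs` table and the `ConnString` application setting here are hypothetical), a classic-ASP lookup that concatenates a request value into SQL text, beside the parameterized form using ADODB.Command that removes the injection point:

```asp
<%
' Constructed example in classic ASP (VBScript); all names are hypothetical.

' --- Vulnerable pattern: the request value becomes part of the SQL text.
' Whatever the caller supplies is parsed by the database as SQL, so the
' WHERE clause can be altered; a blind injection only needs the page to
' respond differently depending on whether the altered condition holds.
Function GetJobVulnerable(conn, rawId)
    Dim sql
    sql = "SELECT Title FROM Jobs WHERE JobID = " & rawId
    Set GetJobVulnerable = conn.Execute(sql)
End Function

' --- Hardened pattern: the value travels as a typed parameter and is never
' parsed as SQL; the statement shape is fixed before the value is bound.
Function GetJobSafe(conn, rawId)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandText = "SELECT Title FROM Jobs WHERE JobID = ?"
    cmd.CommandType = 1 ' adCmdText
    ' adInteger = 3, adParamInput = 1. CLng rejects non-numeric input with a
    ' runtime error before any query runs, which is the intended failure mode.
    cmd.Parameters.Append cmd.CreateParameter("id", 3, 1, , CLng(rawId))
    Set GetJobSafe = cmd.Execute
End Function

Dim conn, rsJob
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString") ' assumed to hold the connection string
Set rsJob = GetJobSafe(conn, Request.QueryString("jobId"))
If Not rsJob.EOF Then Response.Write Server.HTMLEncode(rsJob("Title"))
%>
```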

Impact

A remote unauthenticated attacker may be able to compromise sensitive information.

Solution

Apply an Update

Parodia version 6.809 has addressed this vulnerability. Parodia users should contact the vendor directly to receive the latest version.

Vendor Information


Cactusoft Ltd Affected

Notified: June 15, 2011 | Updated: June 27, 2011

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.



Acknowledgements

Thanks to Carlos Mario Penagos Hollmann of Synapse Information Technology for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

CVE IDs: None
Severity Metric: 1.91
Date Public: 2011-06-27
Date First Published: 2011-06-27
Date Last Updated: 2011-06-27 13:46 UTC
Document Revision: 9

Sponsored by CISA.