OneOrZero Action & Information Management System (AIMS) is vulnerable to an authentication bypass and SQL injection.
According to the vendor's website:
"OneOrZero AIMS is a powerful enterprise ready suite that includes a help desk, knowledge base, time manager and reporting system supported by a highly configurable and extensible Action & Information Management System that allows you to 'build your own system' on the fly."
An unauthenticated remote attacker may be able to bypass authentication or leak database information.
We are currently unaware of a practical solution to this problem.
Thanks to Yuri Goltsev of Positive Technologies for reporting this vulnerability.
This document was written by Jared Allar.
Date First Published: 2011-10-13
Date Last Updated: 2011-10-13 14:49 UTC