PT-2015-01: SQL Injection in Solar-Log WEB

Vulnerable software

Solar-Log WEB
Link: http://www.solar-log.com/

Severity level

Severity level: High
Impact: SQL Injection
Access Vector: Remote
CVSS v2:
Base Score: 7.5
Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE: not assigned

Software description

Solar-Log WEB is a web-based monitoring application that allows installers, portal operators and service providers to manage and monitor installed systems remotely.

Vulnerability description

The specialists of the Positive Research center have detected an SQL injection vulnerability in Solar-Log WEB.

The SQL injection vulnerability allows remote attackers to execute arbitrary SQL commands via a specially crafted request.

How to fix

Update your software to the latest version.

Advisory status

12.01.2015 - Vendor gets vulnerability details
13.01.2015 - Vendor releases fixed version and details
13.02.2015 - Public disclosure

Credits

The vulnerability was detected by Sergey Gordeychik, Positive Research Center (Positive Technologies Company)

References

http://en.securitylab.ru/lab/PT-2015-01

Reports on the vulnerabilities previously discovered by Positive Research:
http://www.ptsecurity.com/research/advisory/
http://en.securitylab.ru/lab/