Advisory: SolusLabs - SolusVM
- Advisory date: 29/05/2012
- Vulnerability severity: HIGH
- Affected versions: 1.7.02 and previous versions
Solus Virtual Manager (SolusVM) is a GUI-based VPS management system with full OpenVZ, Linux KVM, Xen Paravirtualization and Xen HVM support. SolusVM allows you and your clients to manage a VPS cluster with security and ease.
SolusVM contains a SQL injection (SQLi) vulnerability that allows remote, unauthenticated attackers to inject SQL commands into vulnerable installations of SolusVM.
The file "lostpassword.php" does not sufficiently sanitize the user-supplied value of the GET parameter "code" before using it in a database query.
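The following is an added illustration of the bug class described above, not SolusVM's own code: a password-reset lookup that concatenates the "code" GET parameter into a query, beside a hardened version that validates the expected format and binds the value as a prepared-statement parameter. The table name `password_resets`, its columns, the 32-hex-character code format and the `$pdo` connection are assumptions made for the example.

```php
<?php
// Added example, not SolusVM code. Assumes a PDO connection in $pdo and a
// table `password_resets` with columns `code` and `user_id`.

// Vulnerable pattern: the request parameter is spliced into the SQL text, so
// the database parses attacker-controlled characters as part of the query.
function lookup_reset_unsafe(PDO $pdo, string $code): ?array
{
    $sql = "SELECT user_id FROM password_resets WHERE code = '" . $code . "'";
    $result = $pdo->query($sql);
    $row = $result ? $result->fetch(PDO::FETCH_ASSOC) : false;
    return $row ?: null;
}

// Hardened pattern: reject anything that is not a well-formed reset code, then
// send the value as a bound parameter so it is never interpreted as SQL.
function lookup_reset_safe(PDO $pdo, string $code): ?array
{
    // Assumed code format: exactly 32 lowercase hex characters.
    if (!preg_match('/^[a-f0-9]{32}$/', $code)) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT user_id FROM password_resets WHERE code = :code');
    $stmt->execute([':code' => $code]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Request handling: only the hardened lookup should ever touch the database.
$code = $_GET['code'] ?? '';
$match = lookup_reset_safe($pdo, $code);
if ($match === null) {
    http_response_code(400);
    exit('Invalid or expired reset code.');
}
// ... continue the reset flow for $match['user_id'] ...
```

The parameter binding is the actual fix; the format check is defence in depth that also gives a clean place to log rejected requests, which is a useful detection signal for this endpoint. Escaping the value with `addslashes` or similar would not be an adequate substitute for prepared statements.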
- 11/09/2011: vulnerability reported to vendor
- 11/09/2011: vulnerability patched by vendor
- 29/05/2012: advisory released