Advisory: SolusLabs - SolusVM
- Advisory date: 29/05/2012
- Vulnerability severity: HIGH
- Affected versions: 1.7.02 and previous versions
Vendor details
Solus Virtual Manager (SolusVM) is a powerful GUI based VPS management system with full OpenVZ, Linux KVM, Xen Paravirtualization and Xen HVM support. SolusVM allows you and your clients to manage a VPS cluster with security & ease.
Vulnerability details
SolusVM contains an SQL injection (SQLi) vulnerability that allows remote, unauthenticated attackers to inject SQL into a database query on vulnerable installations of SolusVM.
The script "lostpassword.php" (the password-recovery page, reachable without logging in) does not sufficiently sanitize the user-supplied GET parameter "code" before using it in an SQL query.
PoC
GET /lostpassword.php?mode=verify&code=-1'+[SQLi]+'n
The leading single quote closes the string literal that "code" is placed into, [SQLi] is the attacker's SQL (the "+" characters are URL-encoded spaces), and the trailing 'n absorbs the closing quote of the original query so the statement stays syntactically valid.
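The following is an added example, not code from the advisory or from SolusLabs. It reconstructs the class of defect described above (user input spliced into an SQL string) next to the hardened form (a bound parameter), using an in-memory SQLite table and rows that are constructed for the example; SolusVM's real schema and query are not known from the advisory, so the table name, columns and the `OR 1=1 OR` filler in the [SQLi] slot are assumptions. The request string has the exact shape of the PoC.

```python
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Constructed sample data: a hypothetical password-reset table.
# (Assumption: SolusVM's actual schema and query are not known.)
SAMPLE_ROWS = [
    ("alice", "3f9a1c"),
    ("bob", "77e0d2"),
]


def open_sample_db() -> sqlite3.Connection:
    """In-memory database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE lostpassword (username TEXT, code TEXT)")
    conn.executemany("INSERT INTO lostpassword VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def code_from_request(target: str) -> str:
    """Extract the `code` GET parameter from a request target.

    parse_qs decodes '+' as a space and splits each pair on the first '=',
    so the '1=1' inside the payload survives intact.
    """
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    return query.get("code", [""])[0]


def lookup_vulnerable(conn: sqlite3.Connection, code: str) -> list:
    """Hypothetical vulnerable lookup: the value is spliced into the SQL text,
    so a single quote in it terminates the literal early."""
    sql = f"SELECT username FROM lostpassword WHERE code = '{code}'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_fixed(conn: sqlite3.Connection, code: str) -> list:
    """Hardened lookup: the value is passed as a bound parameter and can never
    change the structure of the statement."""
    sql = "SELECT username FROM lostpassword WHERE code = ?"
    return sorted(row[0] for row in conn.execute(sql, (code,)))


# Request shaped like the advisory's PoC, with a tautology in the [SQLi] slot.
# The resulting statement in the vulnerable path is:
#   SELECT username FROM lostpassword WHERE code = '-1' OR 1=1 OR 'n'
# The trailing 'n absorbs the query's own closing quote.
POC_TARGET = "/lostpassword.php?mode=verify&code=-1'+OR+1=1+OR+'n"


def demo() -> dict:
    """Run the PoC-shaped request through both lookups."""
    conn = open_sample_db()
    code = code_from_request(POC_TARGET)
    return {
        "vulnerable": lookup_vulnerable(conn, code),   # every reset code leaks
        "fixed": lookup_fixed(conn, code),             # no row matches
        "legit_fixed": lookup_fixed(conn, "3f9a1c"),   # normal use still works
    }


if __name__ == "__main__":
    print(demo())
```

With the tautology in place the vulnerable query returns every row regardless of the code supplied, which is what makes an unauthenticated reset-code check dangerous; the parameterized form returns nothing for the same input and still matches a genuine code. Escaping the quote would also block this particular payload, but binding the parameter removes the whole class rather than one shape of it.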
Advisory timeline
- 11/09/2011: vulnerability reported to vendor
- 11/09/2011: vulnerability patched by vendor
- 29/05/2012: advisory released
