Intrusion Prevention

SINAPSI.eSolar.Light.Photovoltaic.System.Monitor.SQL.Injection

Description

This indicates an attack attempt against a SQL Injection vulnerability in SINAPSI eSolar Light Photovoltaic System Monitor.
The vulnerability is caused by insufficient sanitization of the "lingua" parameter passed to "changelanguagesession.php" or the "inverterselect" parameter passed to "dettagliinverter.php". It allows a remote attacker to inject arbitrary SQL statements via a crafted HTTP request.
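
As an added example (not part of the signature or any vendor code), the following log check flags requests to the two scripts named above whose parameter values fall outside an allowlist. The allowed value formats (a short language code for "lingua", a numeric id for "inverterselect") are assumptions, and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script and parameter names come from the advisory; the allowed value
# formats (short language code, numeric inverter id) are assumptions.
WATCHED = {
    "changelanguagesession.php": ("lingua", re.compile(r"[A-Za-z_-]{1,10}")),
    "dettagliinverter.php": ("inverterselect", re.compile(r"[0-9]{1,10}")),
}
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_values(url):
    """Return values of the watched parameter in url that fail the allowlist."""
    parts = urlsplit(url)
    script = parts.path.rsplit("/", 1)[-1].lower()
    if script not in WATCHED:
        return []
    param, allowed = WATCHED[script]
    # parse_qs percent-decodes values, so encoded quotes are checked decoded.
    values = parse_qs(parts.query, keep_blank_values=True).get(param, [])
    return [v for v in values if not allowed.fullmatch(v)]

def scan(log_lines):
    """Return (line_number, url, bad_values) for each flagged log line."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        bad = suspicious_values(match.group(1))
        if bad:
            hits.append((number, match.group(1), bad))
    return hits

# Constructed sample lines in combined log format, not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /changelanguagesession.php?lingua=it HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /dettagliinverter.php?inverterselect=3 HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /dettagliinverter.php?inverterselect=3%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Jan/2024:10:00:12 +0000] "GET /changelanguagesession.php?lingua=en%27-- HTTP/1.1" 500 0',
    '192.0.2.13 - - [01/Jan/2024:10:00:20 +0000] "GET /index.php?lingua=x%27 HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, url, bad in scan(SAMPLE_LOG):
        print(f"line {number}: {url} -> {bad}")
```

Parameters sent in a POST body do not appear in access logs, so the same allowlist check would have to run at a proxy or web application firewall to cover them.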

Affected Products

SINAPSI eSolar Light Photovoltaic System Monitor

Impact

System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application.

Recommended Actions

Currently we are unaware of any vendor-supplied patch for this issue.

CVE References

CVE-2012-5861