Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows SQL Injection V-2024-012.
The vulnerability classified as CWE-89 (SQL Injection) results from lack of proper validation or parameterization of input data passed to database queries. An attacker can send a crafted query containing a malicious SQL payload without authentication over the network. This allows manipulation of the logic of queries executed by the application against the database.
Attackers can gain unauthorized access to data stored in the database, modify or delete data, and in certain configurations lead to complete system takeover or unavailability.
Vasion Print must be updated to Virtual Appliance Host version 22.0.1002 or later and Application version 20.0.2614 or later. Detailed information is available in the vendor's security bulletin at: https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm
Vasion Print (formerly PrinterLogic) in Virtual Appliance Host version below 22.0.1002 and Application version below 20.0.2614
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPrinterlogic Vasion Print
APPPrinterlogic< 20.0.2614Printerlogic Virtual Appliance
APPPrinterlogic< 22.0.1002
Related vulnerabilities
Zakodowany na stałe klucz AWS API w Vasion Print (PrinterLogic)
Hardcoded Password w Vasion Print (PrinterLogic) — dostęp bez uwierzytelnienia
Vasion Print / PrinterLogic — nieautoryzowana edycja pakietów sterowników
Vasion Print / PrinterLogic — pominięcie uwierzytelnienia w API Single Sign-On
Vasion Print / PrinterLogic — niebezpieczna instalacja rozszerzeń przez HTTP