Jive.Openfire.Server.SQL.Injection
Description
This indicates an attack attempt against an SQL-injection vulnerability in Openfire.
The vulnerability is caused by an error when the vulnerable software handles sipark-log-summary.jsp. It allows a remote attacker to perform SQL injection via sending a crafted web page.
Affected Products
Ignite Realtime Openfire 3.6.0a
Impact
System Compromise: Remote attackers can inject SQL codes.
Recommended Actions
Refer to the vendor's web site for the suggested workaround.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |