CVE-2014-9095 Information

Description

Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records.

Reference

http://packetstormsecurity.com/files/127525/Raritan-PowerIQ-Unauthenticated-SQL-Injection.html http://seclists.org/fulldisclosure/2014/Jul/79 http://secunia.com/advisories/60138 http://www.securityfocus.com/bid/68722