Vasion Print SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in Vasion Print (formerly PrinterLogic) versions prior to Virtual Appliance Host 22.0.1002 and Application 20.0.2614. The vulnerability arises because the application does not use parameterized queries for data retrieval, leaving it open to injection attacks. Instead, it relies on a custom Data Access Object (DAO) framework that attempts to sanitize user input, but this method is insufficient.
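The difference between sanitizing input and binding it as a parameter, shown as an added example in Python with SQLite. This is not Vasion Print's code: the table, the `sanitize` helper, the function names and the sample rows are hypothetical and constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data, not taken from any real product.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE printers (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)")
    db.executemany(
        "INSERT INTO printers VALUES (?, ?, ?)",
        [(1, "lobby", "alice"), (2, "finance", "bob"), (3, "lab", "carol")],
    )
    return db


def sanitize(value):
    # Hypothetical DAO-style sanitizer: it only escapes single quotes.
    return str(value).replace("'", "''")


def find_sanitized(db, printer_id, owner):
    # Weak pattern: the sanitized value is still concatenated into the SQL text.
    # printer_id lands in an unquoted numeric context, so quote escaping does
    # not stop the database from parsing it as SQL syntax.
    sql = ("SELECT name FROM printers WHERE owner = '" + sanitize(owner)
           + "' AND id = " + sanitize(printer_id))
    return [row[0] for row in db.execute(sql)]


def find_parameterized(db, printer_id, owner):
    # Hardened pattern: the SQL text is constant and the values are bound as
    # data, so they can never change the structure of the query.
    sql = "SELECT name FROM printers WHERE owner = ? AND id = ?"
    return [row[0] for row in db.execute(sql, (owner, printer_id))]


if __name__ == "__main__":
    db = make_db()
    crafted = "1 OR 1=1"  # constructed input containing no quote characters
    print("sanitized, normal input :", find_sanitized(db, 1, "alice"))
    print("sanitized, crafted input:", find_sanitized(db, crafted, "alice"))
    print("parameterized, normal   :", find_parameterized(db, 1, "alice"))
    print("parameterized, crafted  :", find_parameterized(db, crafted, "alice"))
```

With the crafted input, the sanitized query returns every row in the table, while the parameterized query compares the whole string against `id` as a single value and returns nothing.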
Impact
Exploiting this vulnerability lets an attacker manipulate database queries to execute arbitrary SQL code. This could lead to unauthorized data access, data modification, or, in some cases, execution of administrative operations on the database.
Remediation
Users can update Vasion Print to Virtual Appliance Host 22.0.1002 and Application 20.0.2614 to address this vulnerability.
