Vasion Print SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in Vasion Print (formerly PrinterLogic) versions prior to Virtual Appliance Host 22.0.843 and Application 20.0.1923. The vulnerability arises because the application does not use parameterized queries for data retrieval, relying instead on a custom Data Access Object (DAO) framework that attempts to prevent SQL injection through string escaping functions. This approach is inadequate, leaving the application open to injection attacks.
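The contrast between escaping and parameterized queries, as an added example that is not Vasion Print's code (the page does not show the DAO's source). The in-memory SQLite table, the function names, and the quote-doubling `escape` helper are assumptions, constructed to show one common way that escaping alone falls short: it only helps where the value sits inside a quoted string.

```python
import sqlite3

def make_db():
    # Constructed sample data for this example only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE printers (id INTEGER PRIMARY KEY, owner TEXT, name TEXT)")
    db.executemany("INSERT INTO printers VALUES (?, ?, ?)",
                   [(1, "alice", "lobby"), (2, "bob", "lab"), (3, "carol", "hr")])
    return db

def escape(value):
    # Hypothetical DAO-style escaping: doubles single quotes and nothing else.
    return str(value).replace("'", "''")

def find_by_owner_escaped(db, owner):
    # Quoted string context: quote doubling keeps the input inside the literal.
    sql = "SELECT name FROM printers WHERE owner = '" + escape(owner) + "'"
    return [row[0] for row in db.execute(sql)]

def find_by_id_escaped(db, printer_id):
    # Weak: unquoted numeric context. There is no quote to break out of,
    # so escaping quotes does not stop the input being parsed as SQL.
    sql = "SELECT name FROM printers WHERE id = " + escape(printer_id)
    return [row[0] for row in db.execute(sql)]

def find_by_id_param(db, printer_id):
    # Corrected: the value is bound as data and is never parsed as SQL,
    # whatever context the placeholder appears in.
    sql = "SELECT name FROM printers WHERE id = ?"
    return [row[0] for row in db.execute(sql, (printer_id,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "1 OR 1=1"  # constructed test input
    print("escaped, string context :", find_by_owner_escaped(db, "x' OR '1'='1"))
    print("escaped, numeric context:", find_by_id_escaped(db, crafted))
    print("parameterized           :", find_by_id_param(db, crafted))
```

The escaped numeric lookup returns every row for the crafted input, while the parameterized lookup returns none because the whole string is compared as a single value.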
Impact
Exploitation of this vulnerability allows an attacker to manipulate database queries and execute arbitrary SQL code. This could lead to unauthorized data access, data manipulation, or, in some cases, execution of administrative operations on the database.
Remediation
Users can update to Vasion Print Virtual Appliance Host 22.0.843 / Application 20.0.1923 to address this vulnerability.
