Adiscon LogAnalyzer Multiple SQL Injection and XSS Vulnerabilities

Summary
This host is running Adiscon LogAnalyzer and is prone to multiple SQL injection and cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow remote attackers to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Impact Level: Application
Solution
Upgrade to Adiscon LogAnalyzer version 3.4.3 or later. For updates refer to http://loganalyzer.adiscon.com/
Insight
Multiple flaws are due to:
- Input passed via the 'filter' parameter to index.php, the 'id' parameter to admin/reports.php and admin/searches.php is not properly sanitised before being returned to the user.
- Input passed via the 'Columns[]' parameter to admin/views.php is not properly sanitised before being used in SQL queries.
Affected
Adiscon LogAnalyzer version 3.4.2 and prior