News

Document Title:
====================
AOK GesundheitsKasse fixed critical SQL Injection Vulnerability

Release Date:
=============
2011-08-02

Laboratory Article:
===================
AOK website developers have fixed a critical SQL injection vulnerability in a main module of the website. The vulnerability allows remote attackers to read user details, profiles & e-mails of registered customers from the application DBMS. The vulnerability is located in the dsp_font_main module of the public AOK website.

Vulnerable Module(s):
[+] dsp_front_main

Report-Timeline:
================
2011-02-06: Vendor Notification
2011-06-03: Vendor Response/Feedback
2011-07-27: Vendor Fix/Patch
2011-08-02: Public or Non-Public Disclosure

Solution:
=========
2011-07-27: Vendor Fix/Patch

Risk:
=====
The security risk of the remote SQL injection vulnerability is estimated as high.