News Document Title:
====================
Verkehrsbetriebe Berlin Brandenburg closed Bug via hotfix

Release Date:
=============
2012-01-27

Laboratory Article:
===================
Yesterday, three security researchers from Vulnerability Lab (Pim Campers, Benjamin Kunz Mejri and Marcel Bernhardt) discovered a critical security vulnerability in the transport operators service of Berlin Brandenburg (VBB). The vulnerability allows an attacker to execute SQL commands on the affected DBMS. The problem is located in the unescaped variable id_language. The vulnerability was fixed on the same day as the vendor's response, but that response took over 7 months.

2011-02-09: Vendor Notification 1
2011-03-06: Vendor Notification 2
2011-04-13: Vendor Notification 3
2012-01-25: Vendor Response/Feedback
2012-01-25: Vendor Fix/Patch
2012-01-25: Public or Non-Public Disclosure

The security advisory is available on the laboratory index website ...

Advisory: http://www.vulnerability-lab.com/get_content.php?id=138
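
The root cause named in the article, a request variable (id_language) reaching the DBMS unescaped, is shown below next to a corrected form. This is an added example, not code from VBB or from the advisory: the table, the sample rows, the function names and the use of Python with SQLite are all assumptions chosen so that it runs offline.

```python
import sqlite3

def make_db():
    # Constructed sample data; the real VBB schema is not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE texts (id_language INTEGER, body TEXT)")
    db.executemany("INSERT INTO texts VALUES (?, ?)",
                   [(1, "Willkommen"), (2, "Welcome"), (3, "Bienvenue")])
    return db

def lookup_unescaped(db, id_language):
    # Before: the request value is pasted into the statement text, so the
    # DBMS parses whatever it contains as SQL syntax, not as a value.
    sql = "SELECT body FROM texts WHERE id_language = " + id_language
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, id_language):
    # After, step 1: accept only the expected shape (a short decimal id).
    if not (id_language.isascii() and id_language.isdigit()
            and len(id_language) <= 4):
        raise ValueError("id_language must be a numeric identifier")
    # After, step 2: send the value as a bound parameter, never as SQL text.
    sql = "SELECT body FROM texts WHERE id_language = ?"
    return [row[0] for row in db.execute(sql, (int(id_language),))]

def demo():
    db = make_db()
    crafted = "2 OR 1=1"  # constructed input: a value followed by SQL syntax
    widened = lookup_unescaped(db, crafted)  # WHERE clause no longer filters
    try:
        lookup_bound(db, crafted)
        rejected = False
    except ValueError:
        rejected = True
    return widened, rejected

if __name__ == "__main__":
    print(demo())
```

Escaping the variable would also have closed this particular hole, but validation plus bound parameters removes the dependency on every call site remembering to escape.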