More SQL Injection Vulnerabilities Plague BitDefender

Article by George Norman (Cybersecurity Editor)

on 16 Feb 2009

The Romanian hacker going by the name of “Unu” (“One,” roughly translated) has uncovered that the official web page of BitDefender, a company that specializes in providing security software solutions, is vulnerable to SQL injection. Do not confuse this with Unu’s previous discovery that BitDefender Portugal leaks sensitive and confidential data.

According to Unu, he attempted to contact BitDefender and inform them about the security holes affecting their official web page, but since no email address is provided, all he could do was send the webmaster a comment. He finds it very frustrating that a company as prestigious as BitDefender is not capable of securing its database, let alone providing adequate contact info.

“On their contact link, you can send a few words to the webmaster, which I did and to which I didn't get any reply. And the vulnerability persists. Therefore, knowing they read our articles, I will let them know here that they have a vulnerable parameter. And this time it's not on one of their partner websites but on their own website. This parameter gives access to the DB. I will not publish too much now as I am waiting for the problem to be solved,” says Unu.

This is not the first time that Unu has blown the whistle on some of the biggest names in the security industry and their SQL injection vulnerabilities. Before BitDefender Portugal, which we mentioned above, he exposed Kaspersky (the USA web page leaked confidential data by means of SQL injection) and F-Secure (vulnerable to SQL injection, did not leak sensitive data).

It must be noted that Unu uncovered the security issue this weekend, Sunday the 15th of January to be more precise; it has been well over a day and BitDefender has yet to provide any response. Details about the vulnerability are being held back by Unu until the problem is addressed. The only thing we know for sure is that the SQL injection vulnerability is to be found in the “News” section of BitDefender’s page.

