CVE-2007-2314

Sažetak

Multiple SQL injection vulnerabilities in Crea-Book 1.0, and possibly earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter to (a) configurer.php, (b) connect.php, (c) delete.php, (d) delete2.php, (e) index.php, (f) infos.php, (g) membres.php, (h) modif-infos.php, (i) modif-message.php, (j) modif.php, (k) uninstall.php, or (l) uninstall_table.php in admin/, different vectors than CVE-2007-2000. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Reference

http://secunia.com/advisories/24862
http://www.osvdb.org/34818
http://www.osvdb.org/34819
http://www.osvdb.org/34820
http://www.osvdb.org/34821
http://www.osvdb.org/34822
http://www.osvdb.org/34823
http://www.osvdb.org/34824
http://www.osvdb.org/34825
http://www.osvdb.org/34826
http://www.osvdb.org/34827
http://www.osvdb.org/34828
http://www.osvdb.org/34829

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

05-09-2008 - 21:22

Objavljeno

26-04-2007 - 21:19