CVE-2007-4171

Sažetak

SQL injection vulnerability in komentar.php in the Forum Module for auraCMS (Modul Forum Sederhana) allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI. NOTE: some of these details are obtained from third party information.

Reference

http://osvdb.org/36432
http://secunia.com/advisories/26332
http://www.securityfocus.com/archive/1/475645/100/0/threaded
http://www.securityfocus.com/bid/25202
https://exchange.xforce.ibmcloud.com/vulnerabilities/35814
https://www.exploit-db.com/exploits/4254

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

15-10-2018 - 21:33

Objavljeno

07-08-2007 - 10:17