| ID |
CVE-2007-6491
|
| Summary |
Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS allow remote attackers to execute arbitrary SQL commands via (1) the cat_id parameter to categories.asp; and probably (2) the document_id parameter to categories.asp, and the (3) cat_id and (4) document_id parameters to subcategory.asp. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 10.0 (as of 15-10-2018 - 21:54) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-noinfo |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| refmap
via4
|
| bugtraq | 20071207 Kvaliitti WebDoc 3.0 CMS SQL Injection vulnerability | | osvdb | | | sreason | 3473 |
|
| Last major update |
15-10-2018 - 21:54 |
| Published |
20-12-2007 - 20:46 |
| Last modified |
15-10-2018 - 21:54 |
