ID CVE-2007-1363
Summary Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the delete action in (a) search.php or (b) search-pda.php, or the (2) calories parameter in a save action in editlogcal.php.
References
Vulnerable Configurations
  • cpe:2.3:a:dropafew:dropafew:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 29-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 23400
confirm http://www.dropafew.com/sphpblog/comments.php?y=07&m=04&entry=entry070403-224437
misc http://www.cynops.de/advisories/CVE-2007-1363.txt
secunia 24861
xf dropafew-multiple-sql-injection(33560)
Last major update 29-07-2017 - 01:30
Published 11-04-2007 - 22:19
Last modified 29-07-2017 - 01:30