CVE-2007-3677

Multiple SQL injection vulnerabilities in Maxsi eVisit Analyst allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) idsp1.pl, (2) ip.pl, and (3) einsite_director.pl. NOTE: this issue can be leveraged for path disclosure from resulting error messages.
Configurations

Configuration 1

cpe:2.3:a:maxsi:evisit_analyst:*:*:*:*:*:*:*:*

Information

Published : 2007-07-11 04:30

Updated : 2017-07-29 01:32


NVD link : CVE-2007-3677

Mitre link : CVE-2007-3677

Products Affected
No products.
CWE