CVE Vulnerability

CVE-2007-4086

Multiple SQL injection vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to gmembers.php, or (2) the UID parameter to (a) uvideos.php, (b) ugroups.php, (c) uprofile.php, (d) ufavour.php, (e) ufriends.php, or (f) uplaylist.php.

6.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html Exploit
http://osvdb.org/37877
http://osvdb.org/37875
http://osvdb.org/37874
http://osvdb.org/37876
http://osvdb.org/37872
http://osvdb.org/37878
http://osvdb.org/37873
Configurations

Configuration 1

cpe:2.3:a:alstrasoft:video_share_enterprise:*:*:*:*:*:*:*:*
Information

Published : 2007-07-30 05:30

Updated : 2008-11-15 06:55

NVD link : CVE-2007-4086

Mitre link : CVE-2007-4086

Products Affected

Alstrasoft

Video Share Enterprise

CWE
NVD-CWE-Other