CVE Vulnerability

CVE-2007-6269

Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in Absolute News Manager.NET 5.1 allow remote attackers to execute arbitrary SQL commands via the (1) z, (2) pz, (3) ord, and (4) sort parameters.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://marc.info/?l=bugtraq&m=119678724111351&w=2
http://www.procheckup.com/Vulnerability_PR07-39.php
http://www.xigla.com/news/default.aspx
http://www.xigla.com/security/ANMNET51-SecurityUpdate20071128.zip
http://www.securityfocus.com/bid/26692 Exploit Patch
http://secunia.com/advisories/27923 Vendor Advisory
http://osvdb.org/40576
https://exchange.xforce.ibmcloud.com/vulnerabilities/38871
Configurations

Configuration 1

cpe:2.3:a:xigla:absolute_news_manager.net:5.1:*:*:*:*:*:*:*
Information

Published : 2007-12-07 11:46

Updated : 2017-08-08 01:29

NVD link : CVE-2007-6269

Mitre link : CVE-2007-6269

Products Affected
No products.
CWE
CWE-89