CVE Vulnerability

CVE-2007-6517

SQL injection vulnerability in the forget password section (LostPwd.asp) in Eagle Software Aeries Browser Interface (ABI) 3.7.9.17 allows remote attackers to execute arbitrary SQL commands via the EmailAddress parameter. NOTE: some of these details are obtained from third party information.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://aria-security.net/forum/showthread.php?p=1174
http://www.securityfocus.com/bid/26962
http://secunia.com/advisories/28193 Vendor Advisory
http://www.osvdb.org/39383
http://www.vupen.com/english/advisories/2007/4302
https://exchange.xforce.ibmcloud.com/vulnerabilities/39176
http://www.securityfocus.com/archive/1/485393/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:aeries:aeries_browser_interface:3.7.9.17:*:*:*:*:*:*:*
Information

Published : 2007-12-24 08:46

Updated : 2018-10-15 09:54

NVD link : CVE-2007-6517

Mitre link : CVE-2007-6517

Products Affected
No products.
CWE
CWE-89