Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4085

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2007-4085
Last Modified 14 Apr 2009 01:18:26
Published 30 Jul 2007 01:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4085

Summary

Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to execute arbitrary SQL commands via the (1) que_id parameter to forum_answer.php or (2) the cat_id parameter to search.php.

Vulnerable Systems

Application

  • Alstrasoft Askme Pro


References

OSVDB - 46166

OSVDB - 37096

OSVDB - 37095

MISC - http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html


Last Updated: 27 May 2016 10:45:46