Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4208

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-4208
Last Modified 07 Mar 2011 09:57:59
Published 07 Aug 2007 10:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4208

Summary

SQL injection vulnerability in default.asp in Next Gen Portfolio Manager allows remote attackers to execute arbitrary SQL commands via the (1) Users_Email or (2) Users_Password parameter in an ExecuteTheLogin action.

Vulnerable Systems

Application

  • Morgan Ids Next Gen Portfolio Manager


References

VUPEN - ADV-2007-2797

BID - 25195

BUGTRAQ - 20070803 [Aria-Security.Net] Next Gen Portfolio Manager SQL Injection

OSVDB - 36280

XF - nextgen-default-sql-injection(35787)

SREASON - 2976

SECUNIA - 26338

MISC - http://outlaw.aria-security.info/?p=14


Last Updated: 27 May 2016 10:45:48