Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4810

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-4810
Last Modified 15 Nov 2008 01:58:37
Published 11 Sep 2007 02:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4810

Summary

Multiple SQL injection vulnerabilities in Netjuke 1.0-rc2 allow remote attackers to execute arbitrary SQL commands via (1) the ge_id parameter in a list.artists action to explore.php or (2) the id parameter in a show.tracks action to xml.php.

Vulnerable Systems

Application

  • Netjuke 1.0 Rc2


References

BID - 25600

BUGTRAQ - 20070908 Netjuke 1.0-rc2 - sql injection & XSS

OSVDB - 38834

OSVDB - 38833

XF - netjuke-explore-xml-sql-injection(36516)

SREASON - 3110


Last Updated: 27 May 2016 10:45:58