Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5189

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-5189
Last Modified 07 Mar 2011 10:00:16
Published 03 Oct 2007 10:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5189

Summary

Multiple SQL injection vulnerabilities in mes_add.php in x-script GuestBook 1.3a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) icq, and (4) website parameters.

Vulnerable Systems

Application

  • X-script Guestbook 1.3a


References

VUPEN - ADV-2007-3347

BUGTRAQ - 20071001 New Advisory: X-script GuestBook

XF - xscriptguestbook-mesadd-sql-injection(36895)

BID - 25890

SREASON - 3186


Last Updated: 27 May 2016 10:46:06