Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5425

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2007-5425
Last Modified 15 Nov 2008 02:00:55
Published 12 Oct 2007 07:17:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5425

Summary

SQL injection vulnerability in admin/index.php in Interspire ActiveKB 1.5 allows remote attackers to execute arbitrary SQL commands via the questId parameter in a hideQuestion ToDo action. NOTE: the catId vector is already covered by CVE-2007-5131.

Vulnerable Systems

Application

  • Interspire Activekb 1.5


References

XF - activekb-questid-sql-injection(38202)

BUGTRAQ - 20071010 Vulnerabilities digest

MISC - http://securityvulns.ru/Rdocument901.html

OSVDB - 45486

SREASON - 3216


Last Updated: 27 May 2016 10:46:10