Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5430

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-5430
Last Modified 15 Nov 2008 02:00:56
Published 12 Oct 2007 07:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5430

Summary

Multiple SQL injection vulnerabilities in Stride 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the p parameter to main.php in the Content Management System, (2) the id parameter in a sto cmd action to shop.php in the Merchant subsystem, or the (3) course or (4) provider parameter to detail.php in the Courses subsystem.

Vulnerable Systems

Application

  • Scottmanktelow Stride Cms 1.0


References

BUGTRAQ - 20071010 Vulnerabilities digest

MISC - http://securityvulns.ru/Sdocument4.html

OSVDB - 43494

OSVDB - 43492

OSVDB - 43491

BID - 26046

BID - 26041

BID - 26036

SREASON - 3216


Last Updated: 27 May 2016 10:46:10