Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6106

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-6106
Last Modified 07 Mar 2011 10:01:47
Published 23 Nov 2007 03:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6106

Summary

SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewevent action.

Vulnerable Systems

Application

  • Alstrasoft E-friends 4.98


References

XF - alstrasoft-seid-sql-injection(38599)

VUPEN - ADV-2007-3964

BID - 26519

BUGTRAQ - 20071122 [ECHO_ADV_85$2007] alstrasoft E-Friends <= 4.98 (seid) Multiple Remote SQL Injection Vulnerabilities

MILW0RM - 4641

SECUNIA - 27766

MISC - http://advisories.echo.or.id/adv/adv85-K-159-2007.txt


Last Updated: 27 May 2016 10:46:22