Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2007-6127
Last Modified 07 Mar 2011 10:01:49
Published 26 Nov 2007 05:46:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6127

Summary

Multiple SQL injection vulnerabilities in Project Alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to (1) view.page.inc.php, which is reachable through a view action to index.php; or (2) news.page.inc.php, which is reachable through a news action to index.php.

Vulnerable Systems

Application

  • Project Alumni 1.0.8

  • Project Alumni 1.0.9


References

VUPEN - ADV-2007-3999

BID - 26564

MILW0RM - 4655

XF - projectalumni-index-sql-injection(38620)

SECUNIA - 27820


Last Updated: 27 May 2016 10:46:24