Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6140

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-6140
Last Modified 07 Mar 2011 10:02:02
Published 27 Nov 2007 02:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6140

Summary

Multiple SQL injection vulnerabilities in Dora Emlak 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) emlak_detay.asp and (b) haber_detay.asp, the (2) kategori parameter to (c) kategorisirala.asp, and the (3) tip parameter to (d) tipsirala.asp.

Vulnerable Systems

Application

  • Dora Emlak 2.0


References

VUPEN - ADV-2007-4000

BID - 26574

MISC - http://www.packetstormsecurity.org/0711-exploits/dora-sql.txt

SECUNIA - 27812

OSVDB - 38822

OSVDB - 38821

OSVDB - 38820

XF - doraemlak-multiple-sql-injection(38634)


Last Updated: 27 May 2016 10:46:24