Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6217

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-6217
Last Modified 07 Mar 2011 10:02:12
Published 04 Dec 2007 10:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6217

Summary

Multiple SQL injection vulnerabilities in login.asp in Irola My-Time (aka Timesheet) 3.5 allow remote attackers to execute arbitrary SQL commands via the (1) login (aka Username) and (2) password parameters. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Irola My-time 3.5


References

VUPEN - ADV-2007-3996

BUGTRAQ - 20071123 Aria-Security.net: Irola My-Time v3.5 SQL Injection

MILW0RM - 4649

SECUNIA - 27798

OSVDB - 38813

MISC - http://aria-security.net/forum/showthread.php?p=1106

BID - 26548

SREASON - 3414


Last Updated: 27 May 2016 10:46:24