Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6338

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-6338
Last Modified 03 Mar 2014 12:14:38
Published 14 Dec 2007 08:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6338

Summary

SQL injection vulnerability in userlogin.jsp in Trivantis CourseMill Enterprise Learning Management System 4.1 SP4 allows remote attackers to execute arbitrary SQL commands via the user parameter (username field). NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Trivantis Coursemill Enterprise Learning Management System 4.1


References

BID - 26865

BUGTRAQ - 20071213 + Trivantis CourseMill Enterprise Learning Management System - SQL Injection - CVE-2007-6338

SECUNIA - 28098

MISC - http://packetstorm.linuxsecurity.com/0712-exploits/trivantis-sql.txt

XF - coursemill-userlogin-sql-injection(39031)

OSVDB - 39156

SREASON - 3450


Last Updated: 27 May 2016 10:46:28