Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6566

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-6566
Last Modified 15 Nov 2008 02:05:20
Published 28 Dec 2007 04:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6566

Summary

SQL injection vulnerability in post.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatid parameter to index.php.

Vulnerable Systems

Application

  • Xzero Scripts Xzero Community Classifieds 4.95.11


References

BID - 27042

MILW0RM - 4794

OSVDB - 39740

XF - xzero-index-post-sql-injection(39259)

BUGTRAQ - 20071227 XZero Community Classifieds <= v4.95.11 LFI & SQL Injection

SECUNIA - 28250


Last Updated: 27 May 2016 10:46:32