Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6587

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-6587
Last Modified 05 May 2014 12:00:58
Published 28 Dec 2007 04:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6587

Summary

SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Vulnerable Systems

Application

  • Plogger 1.0

  • Plogger 1.0 Beta 3.0


References

BID - 26958

MISC - http://www.mwrinfosecurity.com/publications/mwri_plogger-photo-gallery-sql-injection-vulnerability_2007-12-17.pdf

CONFIRM - http://dev.plogger.org/changeset/489

MISC - https://labs.mwrinfosecurity.com/advisories/2007/12/17/plogger-sql-injection/

XF - plogger-id-sql-injection(75789)

BID - 53644

OSVDB - 39764

MISC - http://packetstormsecurity.org/files/112947/Plogger-Photo-Gallery-SQL-Injection.html

MISC - http://packetstormsecurity.com/files/112947/Plogger-Photo-Gallery-SQL-Injection.html

VIM - 20120531 CVE-2012-2951 - believe this is a dupe


Last Updated: 27 May 2016 10:47:13