ID CVE-2007-2824
Summary SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php.
References
Vulnerable Configurations
  • cpe:2.3:a:alstrasoft:e-friends:*:*:*:*:*:*:*:*
    cpe:2.3:a:alstrasoft:e-friends:*:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 11-10-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 24067
exploit-db 3956
osvdb 38056
xf alstrasoft-index-sql-injection(34400)
Last major update 11-10-2017 - 01:32
Published 22-05-2007 - 21:30
Last modified 11-10-2017 - 01:32
Back to Top