CVE-2007-4119 - Multiple SQL injection vulnerabilities in yonetici.asp in Berthanas Ziyaretci Defteri 2.0 allow remo

CVE-2007-4119

Summary

Multiple SQL injection vulnerabilities in yonetici.asp in Berthanas Ziyaretci Defteri 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) Pass fields.

References

http://secunia.com/advisories/26371
http://securityreason.com/securityalert/2943
http://www.securityfocus.com/archive/1/474930/100/0/threaded
http://www.securityfocus.com/bid/25109
http://www.vupen.com/english/advisories/2007/2761
https://exchange.xforce.ibmcloud.com/vulnerabilities/35684

Vulnerable Configurations

cpe:2.3:a:berthanas_ziyaretci:defteri:2.0:*:*:*:*:*:*:*
cpe:2.3:a:berthanas_ziyaretci:defteri:2.0:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 15-10-2018 - 21:33)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	25109
bugtraq	20070727 Berthanas Ziyaretci Defteri v2.0 (tr) Sql
secunia	26371
sreason	2943
vupen	ADV-2007-2761
xf	berthanas-yonetici-sql-injection(35684)

Last major update

15-10-2018 - 21:33

Published

01-08-2007 - 16:17

Last modified

15-10-2018 - 21:33