IDCVSSSummaryLast (major) updatePublished
CVE-2007-2759 7.5
Multiple SQL injection vulnerabilities in the insert function in the ValuePreference class (grid/ed/ in Adempiere before 3.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) m_Attribute or (2) m_Value parame
29-07-2017 - 01:31 18-05-2007 - 22:30
CVE-2007-2760 9.0
The canUpdate function in model/ in Adempiere before 3.1.6 does not properly validate user roles, which allows remote authenticated read-only users to gain read-write privileges. NOTE: some of these details are obtained from third party in
29-07-2017 - 01:31 18-05-2007 - 22:30
Back to Top Mark selected
Back to Top