CVE-2007-0970 - Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers

CVE-2007-0970

Summary

Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to execute arbitrary SQL commands via the testID parameter to directions.php, and unspecified parameters to other files that accept GET or POST input.

References

http://osvdb.org/33203
http://osvdb.org/33204
http://secunia.com/advisories/24157
http://securityreason.com/securityalert/2261
http://www.securityfocus.com/archive/1/460078/100/0/threaded
http://www.securityfocus.com/bid/22559
http://www.vupen.com/english/advisories/2007/0633
https://exchange.xforce.ibmcloud.com/vulnerabilities/32490

Vulnerable Configurations

cpe:2.3:a:webtester:webtester:*:*:*:*:*:*:*:*
cpe:2.3:a:webtester:webtester:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 16-10-2018 - 16:35)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	22559
bugtraq	20070214 WebTester 5.0.2 sql injection and XSS vulnerabilities
osvdb	33203 33204
secunia	24157
sreason	2261
vupen	ADV-2007-0633
xf	webtester-directions-sql-injection(32490)

Last major update

16-10-2018 - 16:35

Published

16-02-2007 - 01:28

Last modified

16-10-2018 - 16:35