CVE-2007-1575 - Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow

CVE-2007-1575

Summary

Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) unspecified vectors to the (a) calendar and (2) search modules, and an (2) unspecified cookie when the user logs out.

References

Vulnerable Configurations

cpe:2.3:a:phprojekt:phprojekt:5.1:*:*:*:*:*:*:*
cpe:2.3:a:phprojekt:phprojekt:5.1:*:*:*:*:*:*:*
cpe:2.3:a:phprojekt:phprojekt:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:phprojekt:phprojekt:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:phprojekt:phprojekt:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:phprojekt:phprojekt:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:phprojekt:phprojekt:5.2:*:*:*:*:*:*:*
cpe:2.3:a:phprojekt:phprojekt:5.2:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 16-10-2018 - 16:39)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	22955
bugtraq	20070314 n.runs-SA-2007.003 - PHProjekt 5.2.0 - SQL Injection
confirm	http://www.phprojekt.com/index.php?name=News&file=article&sid=276
gentoo	GLSA-200706-07
misc	http://www.nruns.com/security_advisory_phprojekt_sql_injection.php
secunia	24509 25748
sreason	2466

Last major update

16-10-2018 - 16:39

Published

21-03-2007 - 21:19

Last modified

16-10-2018 - 16:39