CVE-2007-2314 - Multiple SQL injection vulnerabilities in Crea-Book 1.0, and possibly earlier, when magic_quotes_gpc

CVE-2007-2314

Summary

Multiple SQL injection vulnerabilities in Crea-Book 1.0, and possibly earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter to (a) configurer.php, (b) connect.php, (c) delete.php, (d) delete2.php, (e) index.php, (f) infos.php, (g) membres.php, (h) modif-infos.php, (i) modif-message.php, (j) modif.php, (k) uninstall.php, or (l) uninstall_table.php in admin/, different vectors than CVE-2007-2000. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

References

Vulnerable Configurations

cpe:2.3:a:crea-book:crea-book:*:*:*:*:*:*:*:*
cpe:2.3:a:crea-book:crea-book:*:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 05-09-2008 - 21:22)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

osvdb	34818 34819 34820 34821 34822 34823 34824 34825 34826 34827 34828 34829
secunia	24862

Last major update

05-09-2008 - 21:22

Published

26-04-2007 - 21:19

Last modified

05-09-2008 - 21:22