ID CVE-2007-2314
Summary Multiple SQL injection vulnerabilities in Crea-Book 1.0, and possibly earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter to (a) configurer.php, (b) connect.php, (c) delete.php, (d) delete2.php, (e) index.php, (f) infos.php, (g) membres.php, (h) modif-infos.php, (i) modif-message.php, (j) modif.php, (k) uninstall.php, or (l) uninstall_table.php in admin/, different vectors than CVE-2007-2000. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
Vulnerable Configurations
  • cpe:2.3:a:crea-book:crea-book:*:*:*:*:*:*:*:*
    cpe:2.3:a:crea-book:crea-book:*:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 05-09-2008 - 21:22)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
osvdb
  • 34818
  • 34819
  • 34820
  • 34821
  • 34822
  • 34823
  • 34824
  • 34825
  • 34826
  • 34827
  • 34828
  • 34829
secunia 24862
Last major update 05-09-2008 - 21:22
Published 26-04-2007 - 21:19
Last modified 05-09-2008 - 21:22
Back to Top