CVE-2007-3178 - Multiple SQL injection vulnerabilities in Zindizayn Okul Web Sistemi 1.0 allow remote attackers to e

CVE-2007-3178

Summary

Multiple SQL injection vulnerabilities in Zindizayn Okul Web Sistemi 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) pass parameter to (a) mezungiris.asp or (b) ogretmenkontrol.asp.

References

http://osvdb.org/38348
http://osvdb.org/38349
http://securityreason.com/securityalert/2798
http://www.securityfocus.com/archive/1/469710/100/0/threaded
http://www.securityfocus.com/bid/24174
https://exchange.xforce.ibmcloud.com/vulnerabilities/34559

Vulnerable Configurations

cpe:2.3:a:zindizayn_okul_web_sistemi:zindizayn_okul_web_sistemi:1.0:*:*:*:*:*:*:*
cpe:2.3:a:zindizayn_okul_web_sistemi:zindizayn_okul_web_sistemi:1.0:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 16-10-2018 - 16:47)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	24174
bugtraq	20070526 Zindizayn Okul Web Sistemi v1.0 Sql VulnZ.
osvdb	38348 38349
sreason	2798
xf	okulwebsistemi-mezungiris-sql-injection(34559)

Last major update

16-10-2018 - 16:47

Published

11-06-2007 - 22:30

Last modified

16-10-2018 - 16:47