ID CVE-2007-3430
Summary SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 allows remote attackers to execute arbitrary SQL commands via the submit parameter in an email action.
References
Vulnerable Configurations
  • cpe:2.3:a:simple_invoices:simple_invoices:2007-05-25:*:*:*:*:*:*:*
    cpe:2.3:a:simple_invoices:simple_invoices:2007-05-25:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-10-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 24601
exploit-db 4098
osvdb 36293
secunia 25789
vupen ADV-2007-2310
xf simpleinvoices-index-sql-injection(35021)
Last major update 11-10-2017 - 01:32
Published 27-06-2007 - 00:30
Last modified 11-10-2017 - 01:32
Back to Top