CVE-2007-3628 - Unspecified vulnerability in the fetch function in MDB2.php in PEAR Structures-DataGrid-DataSource-M

CVE-2007-3628

Summary

Unspecified vulnerability in the fetch function in MDB2.php in PEAR Structures-DataGrid-DataSource-MDB2 0.1.9 and earlier allows attackers to "manipulate the generated sorting queries."

References

http://osvdb.org/45805
http://pear.php.net/package/Structures_DataGrid_DataSource_MDB2/download/0.1.10
http://www.vupen.com/english/advisories/2007/2425

Vulnerable Configurations

cpe:2.3:a:pear:structures_datagrid_datasource_mdb2:*:*:*:*:*:*:*:*
cpe:2.3:a:pear:structures_datagrid_datasource_mdb2:*:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 08-03-2011 - 02:56)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

refmap via4

confirm	http://pear.php.net/package/Structures_DataGrid_DataSource_MDB2/download/0.1.10
osvdb	45805
vupen	ADV-2007-2425

Last major update

08-03-2011 - 02:56

Published

09-07-2007 - 16:30

Last modified

08-03-2011 - 02:56