CVE-2007-6559

Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to execute arbitrary SQL commands via (1) the from parameter to index.php or (2) the page parameter to update.php.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/39790
http://osvdb.org/39791
http://secunia.com/advisories/28263
http://securityreason.com/securityalert/3496
http://www.securityfocus.com/archive/1/485480/100/0/threaded
http://www.securityfocus.com/archive/1/490101/100/0/threaded
http://www.securityfocus.com/bid/27003	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:logaholic:logaholic:0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-12-28 00:46

Updated : 2024-02-04 17:13

NVD link : CVE-2007-6559

Mitre link : CVE-2007-6559

CVE.ORG link : CVE-2007-6559

JSON object : View

Products Affected

logaholic

logaholic

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

7.5 /10