Lucene search

MitreCVE-2007-4106

HistoryJul 31, 2007 - 10:17 a.m.

CVE-2007-4106

2007-07-3110:17:00

mitre

web.nvd.nist.gov

cve

2007

4106

sql injection

codewidgets

pay roll

time sheet

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.008

Percentile

81.6%

JSON

SQL injection vulnerability in login.asp in CodeWidgets Pay Roll - Time Sheet and Punch Card Application With Web Interface allows remote attackers to execute arbitrary SQL commands via the Password parameter.

Affected configurations

Nvd

Node

codewidgetspay_roll_-_time_sheet

codewidgetspunch_card

VendorProductVersionCPE
codewidgetspay_roll_-_time_sheet*cpe:2.3:a:codewidgets:pay_roll_-_time_sheet:*:*:*:*:*:*:*:*
codewidgetspunch_card*cpe:2.3:a:codewidgets:punch_card:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
codewidgets	pay_roll_-_time_sheet	*	cpe:2.3:a:codewidgets:pay_roll_-_time_sheet::::::::
codewidgets	punch_card	*	cpe:2.3:a:codewidgets:punch_card::::::::

References

outlaw.aria-security.info/?p=10

secunia.com/advisories/26275

securityreason.com/securityalert/2950

www.securityfocus.com/archive/1/474935/100/0/threaded

www.securityfocus.com/bid/25114

exchange.xforce.ibmcloud.com/vulnerabilities/35665

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.008

Percentile

81.6%

JSON

Related for CVE-2007-4106