Lucene search

[email protected]CVE-2007-4208

HistoryAug 08, 2007 - 2:17 a.m.

CVE-2007-4208

2007-08-0802:17:00

[email protected]

web.nvd.nist.gov

cve-2007-4208

sql injection

next gen portfolio manager

remote attackers

arbitrary commands

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.093 Low

EPSS

Percentile

94.7%

JSON

SQL injection vulnerability in default.asp in Next Gen Portfolio Manager allows remote attackers to execute arbitrary SQL commands via the (1) Users_Email or (2) Users_Password parameter in an ExecuteTheLogin action.

Affected configurations

NVD

Node

morgan_idsnext_gen_portfolio_manager

CPENameOperatorVersion
morgan_ids:next_gen_portfolio_managermorgan ids next gen portfolio managereq*

CPE	Name	Operator	Version
morgan_ids:next_gen_portfolio_manager	morgan ids next gen portfolio manager	eq	*

References

osvdb.org/36280

outlaw.aria-security.info/?p=14

secunia.com/advisories/26338

securityreason.com/securityalert/2976

www.securityfocus.com/archive/1/475449/100/0/threaded

www.securityfocus.com/bid/25195

www.vupen.com/english/advisories/2007/2797

exchange.xforce.ibmcloud.com/vulnerabilities/35787

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.093 Low

EPSS

Percentile

94.7%

JSON

Related for CVE-2007-4208

nvd1 prion1 cvelist1