ID CVE-2007-6106Type cveReporter NVDModified 2017-09-28T21:29:48
Description
SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewevent action.
{"id": "CVE-2007-6106", "bulletinFamily": "NVD", "title": "CVE-2007-6106", "description": "SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewevent action.", "published": "2007-11-23T15:46:00", "modified": "2017-09-28T21:29:48", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6106", "reporter": "NVD", "references": ["http://advisories.echo.or.id/adv/adv85-K-159-2007.txt", "https://www.exploit-db.com/exploits/4641", "https://exchange.xforce.ibmcloud.com/vulnerabilities/38599", "http://www.securityfocus.com/archive/1/archive/1/484056/100/0/threaded", "http://www.vupen.com/english/advisories/2007/3964", "http://www.securityfocus.com/bid/26519"], "cvelist": ["CVE-2007-6106"], "type": "cve", "lastseen": "2017-09-29T14:25:36", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:alstrasoft:e-friends:4.98"], "cvelist": ["CVE-2007-6106"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewevent action.", "edition": 2, "enchantments": {}, "hash": "898c7afadc12164c90074a5697a4d5609a82430967b734341852f5d3d9e23933", "hashmap": [{"hash": "66e899617b7f0acb36151afff8ba5986", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "a911530a1e67c3df9c10ade7e95c9351", "key": "href"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "e11875b2e3068e8fde119cc6c85cd20b", "key": "references"}, {"hash": "7a576144b3eba72f7bb07ceffb18e77d", "key": "cvelist"}, {"hash": "a6cc9fcfc4b1d97f6dc096460f7243bf", "key": "published"}, {"hash": "2c7ec2fe326a63cee6bcb43a0cb6540a", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "8554f753126b1dd253f299a4ff924298", "key": "description"}, {"hash": "92d99cafea6fc77988fe7bc8b3525d00", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6106", "id": "CVE-2007-6106", "lastseen": "2017-07-29T11:22:22", "modified": "2017-07-28T21:34:01", "objectVersion": "1.3", "published": "2007-11-23T15:46:00", "references": ["http://advisories.echo.or.id/adv/adv85-K-159-2007.txt", "https://exchange.xforce.ibmcloud.com/vulnerabilities/38599", "http://www.securityfocus.com/archive/1/archive/1/484056/100/0/threaded", "http://www.vupen.com/english/advisories/2007/3964", "http://www.securityfocus.com/bid/26519", "http://www.milw0rm.com/exploits/4641"], "reporter": "NVD", "scanner": [], "title": "CVE-2007-6106", "type": "cve", "viewCount": 1}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-07-29T11:22:22"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:alstrasoft:e-friends:4.98"], "cvelist": ["CVE-2007-6106"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewevent action.", "edition": 1, "enchantments": {}, "hash": "bf1ed32699437d385f915ccce83590acd94b8dc8aae3ea335f47f77a33517a87", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "b0c8b0ee1f30787df698d6104259d417", "key": "modified"}, {"hash": "a911530a1e67c3df9c10ade7e95c9351", "key": "href"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "7a576144b3eba72f7bb07ceffb18e77d", "key": "cvelist"}, {"hash": "a6cc9fcfc4b1d97f6dc096460f7243bf", "key": "published"}, {"hash": "2c7ec2fe326a63cee6bcb43a0cb6540a", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "8554f753126b1dd253f299a4ff924298", "key": "description"}, {"hash": "75c1cf01dbc2373e3e95da87041a7980", "key": "references"}, {"hash": "92d99cafea6fc77988fe7bc8b3525d00", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6106", "id": "CVE-2007-6106", "lastseen": "2016-09-03T09:47:47", "modified": "2011-03-07T22:01:47", "objectVersion": "1.2", "published": "2007-11-23T15:46:00", "references": ["http://xforce.iss.net/xforce/xfdb/38599", "http://advisories.echo.or.id/adv/adv85-K-159-2007.txt", "http://www.securityfocus.com/archive/1/archive/1/484056/100/0/threaded", "http://www.vupen.com/english/advisories/2007/3964", "http://www.securityfocus.com/bid/26519", "http://www.milw0rm.com/exploits/4641"], "reporter": "NVD", "scanner": [], "title": "CVE-2007-6106", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T09:47:47"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "92d99cafea6fc77988fe7bc8b3525d00"}, {"key": "cvelist", "hash": "7a576144b3eba72f7bb07ceffb18e77d"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "8554f753126b1dd253f299a4ff924298"}, {"key": "href", "hash": "a911530a1e67c3df9c10ade7e95c9351"}, {"key": "modified", "hash": "eff25538d3043805ba909cf753cbc218"}, {"key": "published", "hash": "a6cc9fcfc4b1d97f6dc096460f7243bf"}, {"key": "references", "hash": "e303dc92d2586a3c23c678ab7e4df5d4"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "2c7ec2fe326a63cee6bcb43a0cb6540a"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "163cad53fd186ec0740edda1a01c4b8f119f6fd25486e61a1ad707b3acf937ea", "viewCount": 1, "enchantments": {"vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:alstrasoft:e-friends:4.98"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"result": {"osvdb": [{"id": "OSVDB:38806", "type": "osvdb", "title": "AlstraSoft E-Friends index.php seid Variable SQL Injection", "description": "## Vulnerability Description\nAlstraSoft E-Friends contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'seid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\nhttp://[target]/index.php?mode=events&act=viewevent&seid=-1%20union%20select%201,2,3,sess_id,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27%20from%20admin--\n## References:\n[Secunia Advisory ID:27766](https://secuniaresearch.flexerasoftware.com/advisories/27766/)\nOther Advisory URL: http://advisories.echo.or.id/adv/adv85-K-159-2007.txt\nISS X-Force ID: 38599\nGeneric Exploit URL: http://www.milw0rm.com/exploits/4641\nFrSIRT Advisory: ADV-2007-3964\n[CVE-2007-6106](https://vulners.com/cve/CVE-2007-6106)\nBugtraq ID: 26519\n", "published": "2007-11-21T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:38806", "cvelist": ["CVE-2007-6106"], "lastseen": "2017-04-28T13:20:34"}], "exploitdb": [{"id": "EDB-ID:4641", "type": "exploitdb", "title": "alstrasoft E-Friends <= 4.98 seid Multiple SQL Injection Vulnerabilities", "description": "alstrasoft E-Friends <= 4.98 (seid) Multiple SQL Injection Vulnerabilities. CVE-2007-6106. Webapps exploit for php platform", "published": "2007-11-21T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/4641/", "cvelist": ["CVE-2007-6106"], "lastseen": "2016-01-31T21:24:57"}]}}
