Lucene search

[email protected]CVE-2007-6138

HistoryNov 27, 2007 - 7:46 p.m.

CVE-2007-6138

2007-11-2719:46:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2007-6138

sql injection

vu mass mailer

remote code execution

security vulnerability

9.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

54.8%

JSON

SQL injection vulnerability in redir.asp in VU Mass Mailer allows remote attackers to execute arbitrary SQL commands via the password parameter to Default.asp (aka the Login Page). NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
vu:mass_mailervu mass mailereq*

CPE	Name	Operator	Version
vu:mass_mailer	vu mass mailer	eq	*

References

aria-security.net/forum/showthread.php?t=447

osvdb.org/38807

secunia.com/advisories/27758

www.securityfocus.com/archive/1/484021/100/0/threaded

www.securityfocus.com/bid/26522

www.vupen.com/english/advisories/2007/3966

9.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

54.8%

JSON

Related for CVE-2007-6138

prion1