Lucene search

[email protected]NVD:CVE-2007-6143

HistoryNov 27, 2007 - 7:46 p.m.

CVE-2007-6143

2007-11-2719:46:00

CWE-89

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.3

Confidence

Low

EPSS

0.003

Percentile

70.2%

JSON

SQL injection vulnerability in default.asp (aka the Login Page) in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the password parameter.

Affected configurations

Nvd

Node

vucase_manager

VendorProductVersionCPE
vucase_manager*cpe:2.3:a:vu:case_manager:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vu	case_manager	*	cpe:2.3:a:vu:case_manager::::::::

References

aria-security.net/forum/showthread.php?t=448

secunia.com/advisories/27779

www.securityfocus.com/archive/1/484019/100/0/threaded

www.securityfocus.com/bid/26523

www.vupen.com/english/advisories/2007/3967

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.3

Confidence

Low

EPSS

0.003

Percentile

70.2%

JSON

Related for NVD:CVE-2007-6143

cvelist2 cve2 prion2 nvd1