CVE-2007-3178

Multiple SQL injection vulnerabilities in Zindizayn Okul Web Sistemi 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) pass parameter to (a) mezungiris.asp or (b) ogretmenkontrol.asp.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://securityreason.com/securityalert/2798
http://www.securityfocus.com/bid/24174
http://osvdb.org/38349
http://osvdb.org/38348
https://exchange.xforce.ibmcloud.com/vulnerabilities/34559
http://www.securityfocus.com/archive/1/469710/100/0/threaded

Configurations

Configuration 1 (hide)

cpe:2.3:a:zindizayn_okul_web_sistemi:zindizayn_okul_web_sistemi:1.0:*:*:*:*:*:*:*

Information

Published : 2007-06-11 15:30

Updated : 2018-10-16 09:47

NVD link : CVE-2007-3178

Mitre link : CVE-2007-3178

JSON object : View

CWE

NVD-CWE-Other

Products Affected

zindizayn_okul_web_sistemi

zindizayn_okul_web_sistemi

7.5 /10