Published: 26/11/2007 Updated: 29/09/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in project alumni 1.0.9 and previous versions allow remote malicious users to execute arbitrary SQL commands via the year parameter to (1) view.page.inc.php, which is reachable through a view action to index.php; or (2) the year parameter to news.page.inc.php, which is reachable through a news action to index.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
project alumni project alumni

project-alumni sql injection & xss author : tomplixsee tomplixsee@yahoocoid ------------------------------------------------------------------------------------------------------------- affected software version : project alumni v109, v108, or lower?? download : sourceforgenet/projects/project-alumni/ vulnerability ======== ...

CWE-89 http://www.securityfocus.com/bid/26564 http://secunia.com/advisories/27820 http://www.vupen.com/english/advisories/2007/3999 https://exchange.xforce.ibmcloud.com/vulnerabilities/38620 https://www.exploit-db.com/exploits/4655 https://nvd.nist.gov https://www.exploit-db.com/exploits/4655/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-6127

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect