Lucene search

[email protected]CVE-2007-4106

HistoryJul 31, 2007 - 10:17 a.m.

CVE-2007-4106

2007-07-3110:17:00

[email protected]

web.nvd.nist.gov

cve

2007

4106

sql injection

codewidgets

pay roll

time sheet

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.6%

JSON

SQL injection vulnerability in login.asp in CodeWidgets Pay Roll - Time Sheet and Punch Card Application With Web Interface allows remote attackers to execute arbitrary SQL commands via the Password parameter.

Affected configurations

NVD

Node

codewidgetspay_roll_-_time_sheet

codewidgetspunch_card

CPENameOperatorVersion
codewidgets:pay_roll_-_time_sheetcodewidgets pay roll - time sheeteq*
codewidgets:punch_cardcodewidgets punch cardeq*

CPE	Name	Operator	Version
codewidgets:pay_roll_-_time_sheet	codewidgets pay roll - time sheet	eq	*
codewidgets:punch_card	codewidgets punch card	eq	*

References

outlaw.aria-security.info/?p=10

secunia.com/advisories/26275

securityreason.com/securityalert/2950

www.securityfocus.com/archive/1/474935/100/0/threaded

www.securityfocus.com/bid/25114

exchange.xforce.ibmcloud.com/vulnerabilities/35665

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.6%

JSON

Related for CVE-2007-4106

nvd1 prion1 cvelist1