Vulnerabilities > CVE-2007-0566 - SQL Injection vulnerability in ASP News News_Detail.ASP

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

asp-news

exploit available

NVD

Published: 2007-01-30

Updated: 2018-10-16

Summary

SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Vulnerable Configurations

Part	Description	Count
Application	Asp_News ASP News ASP News *	1

Exploit-Db

description	ASP NEWS. CVE-2007-0566. Webapps exploit for asp platform
file	exploits/asp/webapps/3187.txt
id	EDB-ID:3187
last seen	2016-01-31
modified	2007-01-24
platform	asp
port
published	2007-01-24
reporter	ajann
source	https://www.exploit-db.com/download/3187/
title	ASP NEWS <= 3.0 - news_detail.asp Remote SQL Injection Vulnerability
type	webapps

References

http://osvdb.org/33582
http://www.securityfocus.com/archive/1/458057/100/100/threaded
http://www.securityfocus.com/bid/22214
http://www.vupen.com/english/advisories/2007/0340
https://exchange.xforce.ibmcloud.com/vulnerabilities/31719
https://www.exploit-db.com/exploits/3187