Vulnerabilities > CVE-2007-2994 - SQL Injection vulnerability in Dian Gemilang Dgnews 2.1

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
dian-gemilang

Summary

SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a fullnews action, a different vector than CVE-2007-0693.

Vulnerable Configurations

Part Description Count
Application
Dian_Gemilang
1