Vulnerabilities > CVE-2007-3013 - SQL Injection vulnerability in ActiveWeb Contentserver Picture_Real_Edit.ASP

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

activeweb

exploit available

NVD

Published: 2007-07-15

Updated: 2018-10-16

Summary

SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picture_real_edit.asp, and probably other unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Activeweb Activeweb Contentserver *	1

Exploit-Db

description	ActiveWeb Contentserver 5.6.2929 Picture_Real_Edit.ASP SQL Injection Vulnerability. CVE-2007-3013 . Webapps exploit for asp platform
id	EDB-ID:30296
last seen	2016-02-03
modified	2007-07-13
published	2007-07-13
reporter	RedTeam Pentesting
source	https://www.exploit-db.com/download/30296/
title	ActiveWeb Contentserver 5.6.2929 Picture_Real_Edit.ASP SQL Injection Vulnerability

Packetstorm

data source	https://packetstormsecurity.com/files/download/57734/rt-sa-2007-004.txt
id	PACKETSTORM:57734
last seen	2016-12-05
published	2007-07-13
reporter	redteam-pentesting.de
source	https://packetstormsecurity.com/files/57734/rt-sa-2007-004.txt.html
title	rt-sa-2007-004.txt

Summary

Vulnerable Configurations

Exploit-Db

Packetstorm

References