Vulnerabilities > CVE-2007-3648 - SQL Injection vulnerability in Valarsoft Webmatic 2.6.1

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

valarsoft

NVD

Published: 2007-07-10

Updated: 2011-03-08

Summary

SQL injection vulnerability in Webmatic before 2.6.2, and possibly other versions before 2.7, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly related to admin/admin_album.php and admin/admin_downloads.php. NOTE: some of these details are obtained from third party information.

Vulnerable Configurations

Part	Description	Count
Application	Valarsoft Valarsoft Webmatic * Valarsoft Webmatic 2.6.1	2

References

http://osvdb.org/41104
http://secunia.com/advisories/26019
http://www.securityfocus.com/bid/24878
http://www.valarsoft.com/index.php?page=home&notizie=&notID=144#npos144
http://www.vupen.com/english/advisories/2007/2465