Vulnerabilities > CVE-2007-4208 - SQL Injection vulnerability in Next Gen Portfolio Manager Default.ASP
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SQL injection vulnerability in default.asp in Next Gen Portfolio Manager allows remote attackers to execute arbitrary SQL commands via the (1) Users_Email or (2) Users_Password parameter in an ExecuteTheLogin action.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Next Gen Portfolio Manager Default.ASP Multiple SQL Injection Vulnerabilities. CVE-2007-4208. Webapps exploit for asp platform |
| id | EDB-ID:30451 |
| last seen | 2016-02-03 |
| modified | 2007-08-03 |
| published | 2007-08-03 |
| reporter | Aria-Security Team |
| source | https://www.exploit-db.com/download/30451/ |
| title | Next Gen Portfolio Manager Default.ASP Multiple SQL Injection Vulnerabilities |
References
- http://osvdb.org/36280
- http://outlaw.aria-security.info/?p=14
- http://secunia.com/advisories/26338
- http://securityreason.com/securityalert/2976
- http://www.securityfocus.com/archive/1/475449/100/0/threaded
- http://www.securityfocus.com/bid/25195
- http://www.vupen.com/english/advisories/2007/2797
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35787