CVE-2007-6622 - SQL Injection vulnerability in Zeuscms 0.3

Summary

SQL injection vulnerability in security.php in ZeusCMS 0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.

Classification

CWE-89 - SQL Injection

Risk level (CVSS 7.5)

High

7.5

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Related CVE

Date CVE Title CVSS
2008-01-03 CVE-2007-6623 Path Traversal vulnerability in Zeuscms 0.3 5.0