CVE-2007-6664 - SQL Injection vulnerability in Webportal CMS 0.6.0

Summary

SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter.

Classification

CWE-89 - SQL Injection

Risk level (CVSS 7.5)

High

7.5

Access Vector

Network
Adjacent Network
Local

Access Complexity

Low
Medium
High

Authentication

None
Single
Multiple

Confident. Impact

Complete
Partial
None

Integrity Impact

Complete
Partial
None

Affected Products

Webportal Webportal CMS 0.6.0

External references

http://www.securityfocus.com/bid/27088
https://exchange.xforce.ibmcloud.com/vulnerabilities/39336
https://www.exploit-db.com/exploits/4826