CVE

CVE-2007-3539
Date: (C)2007-07-03   (M)2018-02-19


Multiple SQL injection vulnerabilities in QuickTicket 1.2 build:20070621 and QuickTalk Forum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) t and (2) f parameters in (a) qti_ind_post.php and (b) qti_ind_post_prt.php; (3) dir and (4) order parameters in qti_ind_member.php; (5) id parameter in qti_usr.php; and the (6) f parameter in qti_ind_topic.php. NOTE: it was later reported that vector 5 also affects 1.4, 1.5, and 1.5.0.3.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score:
Exploit Score:
Impact Score:

CVSS V3 Metrics:
Attack Vector:
Attack Complexity:
Privileges Required:
User Interaction:
Scope:
Confidentiality:
Integrity:
Availability:

CVSS V2 Severity:
CVSS Score: 7.5
Exploit Score: 10.0
Impact Score: 6.4

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-28176
SECUNIA-29299
OSVDB-37606
OSVDB-38956
OSVDB-38957
OSVDB-38958
OSVDB-38959
OSVDB-42684
EXPLOIT-DB-5222
ADV-2007-2367
http://pridels-team.blogspot.com/2007/06/quickticket-multiple-sql-inj.html
quicktalk-forum-multiple-sql-injection(35100)
quicktalkforum-multiple-sql-injection(35100)
quickticket-qtiusr-sql-injection(41065)

CWE    1
CWE-89

© SecPod Technologies