CVE

CVE-2007-3539

Date: (C)2007-07-03   (M)2017-10-04 


Multiple SQL injection vulnerabilities in QuickTicket 1.2 build:20070621 and QuickTalk Forum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) t and (2) f parameters in (a) qti_ind_post.php and (b) qti_ind_post_prt.php; (3) dir and (4) order parameters in qti_ind_member.php; (5) id parameter in qti_usr.php; and the (6) f parameter in qti_ind_topic.php. NOTE: it was later reported that vector 5 also affects 1.4, 1.5, and 1.5.0.3.

CVSS Score: 7.5
Exploit Score: 10.0
Impact Score: 6.4
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL





Reference:
BID-28176
SECUNIA-29299
OSVDB-37606
OSVDB-38956
OSVDB-38957
OSVDB-38958
OSVDB-38959
OSVDB-42684
EXPLOIT-DB-5222
ADV-2007-2367
http://pridels-team.blogspot.com/2007/06/quickticket-multiple-sql-inj.html
quicktalk-forum-multiple-sql-injection(35100)
quicktalkforum-multiple-sql-injection(35100)
quickticket-qtiusr-sql-injection(41065)

CWE    1
CWE-89

© 2013 SecPod Technologies