cpe:/a:trivantis:coursemill_enterprise_learning_management_system:4.1:sp4 CVE-2007-6338 2007-12-14T20:46:00.000-05:00 2017-08-07T21:29:06.400-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-12-17T10:53:00.000-05:00 BUGTRAQ 20071213 + Trivantis CourseMill Enterprise Learning Management System - SQL Injection - CVE-2007-6338 BID 26865 SECUNIA 28098 SREASON 3450 OSVDB 39156 XF coursemill-userlogin-sql-injection(39031) MISC http://packetstorm.linuxsecurity.com/0712-exploits/trivantis-sql.txt SQL injection vulnerability in userlogin.jsp in Trivantis CourseMill Enterprise Learning Management System 4.1 SP4 allows remote attackers to execute arbitrary SQL commands via the user parameter (username field). NOTE: some of these details are obtained from third party information.