cpe:/a:dominion_web:dwdirectory:2.1 CVE-2007-6392 2007-12-17T13:46:00.000-05:00 2017-09-28T21:29:54.923-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-12-17T14:32:00.000-05:00 BID 26779 SECUNIA 27990 EXPLOIT-DB 4708 VUPEN ADV-2007-4177 XF dwdirectory-search-sql-injection(38938) SQL injection vulnerability in DWdirectory 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter to the /search URI.