Vulnerability Description
SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picture_real_edit.asp, and probably other unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Activeweb | Contentserver | <= 5.6.2929 |
References
- http://secunia.com/advisories/26063
- http://www.osvdb.org/36511
- http://www.redteam-pentesting.de/advisories/rt-sa-2007-004.phpExploitPatchVendor Advisory
- http://www.securityfocus.com/archive/1/473630/100/0/threaded
- http://www.securityfocus.com/bid/24894Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35390
- http://secunia.com/advisories/26063
- http://www.osvdb.org/36511
- http://www.redteam-pentesting.de/advisories/rt-sa-2007-004.phpExploitPatchVendor Advisory
- http://www.securityfocus.com/archive/1/473630/100/0/threaded
- http://www.securityfocus.com/bid/24894Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35390
FAQ
What is CVE-2007-3013?
CVE-2007-3013 is a vulnerability with a CVSS score of 6.5 (MEDIUM). SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/pi...
How severe is CVE-2007-3013?
CVE-2007-3013 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3013?
Check the references section above for vendor advisories and patch information. Affected products include: Activeweb Contentserver.