ByteOS Network

NVD Vulnerability Details :

CVE-2007-6393

Modified

Source-cve@mitre.org

Published At-17 Dec, 2007 | 18:46

Updated At-29 Sep, 2017 | 01:29

SQL injection vulnerability in albums.php in Ace Image Hosting Script allows remote authenticated users to execute arbitrary SQL commands via the id parameter in editalbum mode.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P

Type: Primary

Version: 2.0

Base score: 6.5

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:S/C:P/I:P/A:P

CPE Matches

ace_image_hosting_script>>ace_image_hosting_script>>0

cpe:2.3:a:ace_image_hosting_script:ace_image_hosting_script:0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-89	Primary	nvd@nist.gov

CWE ID: CWE-89

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://secunia.com/advisories/27988	cve@mitre.org	N/A
http://www.securityfocus.com/bid/26780	cve@mitre.org	Exploit
http://www.vupen.com/english/advisories/2007/4176	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/38941	cve@mitre.org	N/A
https://www.exploit-db.com/exploits/4707	cve@mitre.org	N/A