CVE-2007-3013 - OpenCVE

SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picture_real_edit.asp, and probably other unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Activeweb	Contentserver

Configuration 1 [-]

cpe:2.3:a:activeweb:contentserver:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/26063
http://www.osvdb.org/36511
http://www.redteam-pentesting.de/advisories/rt-sa-2007-004.php
http://www.securityfocus.com/archive/1/473630/100/0/threaded
http://www.securityfocus.com/bid/24894
https://exchange.xforce.ibmcloud.com/vulnerabilities/35390

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-07-15T23:00:00

Updated: 2024-08-07T13:57:54.940Z

Reserved: 2007-06-04T00:00:00

Link: CVE-2007-3013

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-07-15T23:30:00.000

Modified: 2018-10-16T16:46:57.747

Link: CVE-2007-3013

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-07-13T00:00:00", "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picture_real_edit.asp, and probably other unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2007-004.php"}, {"name": "20070713 ActiveWeb Contentserver CMS SQL Injection Management Interface", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/473630/100/0/threaded"}, {"name": "24894", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24894"}, {"name": "36511", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/36511"}, {"name": "26063", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26063"}, {"name": "activeweb-picturerealedit-sql-injection(35390)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35390"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3013", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picture_real_edit.asp, and probably other unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.redteam-pentesting.de/advisories/rt-sa-2007-004.php", "refsource": "MISC", "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2007-004.php"}, {"name": "20070713 ActiveWeb Contentserver CMS SQL Injection Management Interface", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/473630/100/0/threaded"}, {"name": "24894", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24894"}, {"name": "36511", "refsource": "OSVDB", "url": "http://www.osvdb.org/36511"}, {"name": "26063", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26063"}, {"name": "activeweb-picturerealedit-sql-injection(35390)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35390"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:57:54.940Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2007-004.php"}, {"name": "20070713 ActiveWeb Contentserver CMS SQL Injection Management Interface", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/473630/100/0/threaded"}, {"name": "24894", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24894"}, {"name": "36511", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/36511"}, {"name": "26063", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26063"}, {"name": "activeweb-picturerealedit-sql-injection(35390)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35390"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3013", "datePublished": "2007-07-15T23:00:00", "dateReserved": "2007-06-04T00:00:00", "dateUpdated": "2024-08-07T13:57:54.940Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:activeweb:contentserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "77811BFD-2C16-4E73-A4DB-5CB2D9E8BA32", "versionEndIncluding": "5.6.2929", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picture_real_edit.asp, and probably other unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en activeWeb contentserver versiones anteriores a 5.6.2964 permite a usuarios remotos autenticados con permisos de edici\u00f3n ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro id en admin/picture/picture_real_edit.asp, y probablemente otros vectores no especificados."}], "id": "CVE-2007-3013", "lastModified": "2018-10-16T16:46:57.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-07-15T23:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26063"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/36511"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2007-004.php"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/473630/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/24894"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35390"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}