Vulnerability CVE-2007-3175


Published: 2007-06-11   Modified: 2012-02-12

Description:
Multiple SQL injection vulnerabilities in W2B Online Banking allow remote attackers to execute arbitrary SQL commands via (1) the draft parameter to mailer.w2b or (2) the listDocPay parameter to DocPay.w2b.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
W2B -> Online banking 

 References:
http://xforce.iss.net/xforce/xfdb/34593
http://pridels-team.blogspot.com/2007/05/w2b-online-banking-vuln.html
http://osvdb.org/37467
http://osvdb.org/37466

Copyright 2024, cxsecurity.com

 

Back to Top