Release DateMar 01, 2007 |
Severitymedium |
ImpactThe execution of arbitrary SQL commands on the system. |
DescriptionIt indicates a possible exploit of a SQL injection vulnerability in Fullaspsite Asp Hosting Sitesi.This flaw is due to an input validation error in the "windows.asp" script that does not validate the "kategori_id" parameter before being used in SQL statements, which could be exploited by malicious users to conduct SQL injection attacks. |
Affected ProductsFullaspsite Asp Hosting Sitesi. |
Recommended ActionsCurrently we are not aware of any vendor-supplied patches for this issue. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2007-0678 |
Reference/shttp://www.frsirt.com/english/advisories/2007/0453 (FrSIRT)http://www.securityfocus.com/bid/22347 (BugTraq) |
