CVE-2007-3677

Name of the Vulnerable Software and Affected Versions Maxsi eVisit Analyst (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary SQL commands via the id parameter to specific API endpoints, including "idsp1.pl", "ip.pl", and "einsite director.pl". This can also lead to path disclosure from resulting error messages.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.