PT-2007-7209 · Unknown · Aurora Framework
Published
2007-12-13
·
Updated
2017-08-08
·
CVE-2007-6345
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
aurora framework versions prior to 20071208
Description
The issue allows remote attackers to execute arbitrary SQL commands, possibly through the
value parameter to the pack var function in module/db.lib/db mysql.lib.Recommendations
For versions prior to 20071208, update to a version released after 20071208 to resolve the issue. As a temporary workaround, consider restricting access to the
pack var function in module/db.lib/db mysql.lib to minimize the risk of exploitation. Avoid using the value parameter in the affected function until the issue is resolved.Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aurora Framework