CVE-2007-2230 Information

Description

SQL injection vulnerability in CA Clever Path Portal allows remote authenticated users to execute limited SQL commands and retrieve arbitrary database contents via (1) the ofinterest parameter in a light search query, (2) the description parameter in the advanced search query, and possibly other vectors.

Reference

ftp://ftp.ca.com/pub/portal/4.71/4.71.001_188_070329/readme_4.71.001_188_070329.txt
http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0648.html
http://secunia.com/advisories/25002
http://supportconnectw.ca.com/public/cp/portal/infodocs/portal-secnot.asp
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=136879
http://www.hacktics.com/AdvCleverPathApr07.html
http://www.osvdb.org/34128
http://www.securityfocus.com/archive/1/466760/100/0/threaded
http://www.securityfocus.com/bid/23671
http://www.securitytracker.com/id?1017970
http://www.vupen.com/english/advisories/2007/1544
https://exchange.xforce.ibmcloud.com/vulnerabilities/33853
