CVE-2007-3298 Information

Description

SQL injection vulnerability in Spey before 0.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to MessageProcessor.cc and possibly other components.

Reference

http://osvdb.org/38729 http://sourceforge.net/forum/forum.php?forum_id=687624 http://sourceforge.net/project/shownotes.php?group_id=108104&release_id=502366 http://spey.cvs.sourceforge.net/spey/spey/src/MessageProcessor.cc?view=log http://www.vupen.com/english/advisories/2007/2249