CVE-2007-3677 Information

Description

Multiple SQL injection vulnerabilities in Maxsi eVisit Analyst allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) idsp1.pl (2) ip.pl and (3) einsite_director.pl. NOTE: this issue can be leveraged for path disclosure from resulting error messages.

Reference

http://secunia.com/advisories/26110 http://www.attrition.org/pipermail/vim/2007-July/001716.html http://www.nth-dimension.org.uk/pub/Portcullis-06-057.txt http://www.osvdb.org/36112 http://www.osvdb.org/36113 http://www.osvdb.org/36114 http://www.portcullis.co.uk/uplds/advisories/easql2006-057.txt http://www.securityfocus.com/bid/24849 https://exchange.xforce.ibmcloud.com/vulnerabilities/35481 https://exchange.xforce.ibmcloud.com/vulnerabilities/35482