CVE-2007-0970

critical

Description

Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to execute arbitrary SQL commands via the testID parameter to directions.php, and unspecified parameters to other files that accept GET or POST input.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/32490

http://www.vupen.com/english/advisories/2007/0633

http://www.securityfocus.com/archive/1/460078/100/0/threaded

http://securityreason.com/securityalert/2261

http://secunia.com/advisories/24157

http://osvdb.org/33204

http://osvdb.org/33203

Details

Source: Mitre, NVD

Published: 2007-02-16

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.01135