CVE-2007-6517

critical

Description

SQL injection vulnerability in the forget password section (LostPwd.asp) in Eagle Software Aeries Browser Interface (ABI) 3.7.9.17 allows remote attackers to execute arbitrary SQL commands via the EmailAddress parameter. NOTE: some of these details are obtained from third party information.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/39176

http://www.vupen.com/english/advisories/2007/4302

http://www.securityfocus.com/bid/26962

http://www.securityfocus.com/archive/1/485393/100/0/threaded

http://www.osvdb.org/39383

http://secunia.com/advisories/28193

http://aria-security.net/forum/showthread.php?p=1174

Details

Source: Mitre, NVD

Published: 2007-12-24

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00651