SQL Injection in Next Gen Portfolio Manager by Next Gen
CVE-2007-4208

Currently unrated

Key Information:

Vendor: Morgan Ids
Status: Next Gen Portfolio Manager
Vendor: CVE Published:; 8 August 2007

What is CVE-2007-4208?

The SQL injection vulnerability in default.asp of Next Gen Portfolio Manager permits remote attackers to manipulate SQL queries by inputting arbitrary commands through the 'Users_Email' or 'Users_Password' parameters during the ExecuteTheLogin action. This flaw can lead to unauthorized access and potential data breaches, making it critical for users to patch their systems promptly.

References

http://securityreason.com/securityalert/2976

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/bid/25195

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/35787

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 8, 2007
Vulnerability Reserved
Aug 7, 2007

CVE-2007-4208 Data

JSON

Morgan Ids

What is CVE-2007-4208?

References

Timeline