CVE-2007-3677
CVE-2007-3677 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
Multiple SQL injection vulnerabilities in Maxsi eVisit Analyst allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) idsp1.pl, (2) ip.pl, and (3) einsite_director.pl. NOTE: this issue can be leveraged for path disclosure from resulting error messages.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.