CVE-2007-1882

HP Mercury Quality Center <9.1.0.4352 - SQL Injection

Title source: llm

Description

qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury Quality Center 9.0 build 9.1.0.4352 allows remote authenticated users to execute arbitrary SQL commands via the RunQuery method.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Isma Khan · perlremotemultiple

https://www.exploit-db.com/exploits/3654

View Code ZIP pw:eip

References (7)

[Vendor Advisory] http://secunia.com/advisories/24730

[Third Party Advisory, VDB Entry] http://osvdb.org/34630

[Mailing List] http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053406.html

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/1246

[Third Party Advisory] http://securityreason.com/securityalert/2527

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1017842

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/33385

Scores

EPSS 0.1074

EPSS Percentile 93.4%

Details

Status published

Products (1)

hp/mercury_quality_center 9.0 build_9.1.0.4352

Published Apr 06, 2007

Tracked Since Feb 18, 2026