Lucene search

[email protected]CVE-2007-0092

HistoryJan 05, 2007 - 6:28 p.m.

CVE-2007-0092

2007-01-0518:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-0092

sql injection

e-smartcart

productdetail.asp

remote attackers

nvd

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.132 Low

EPSS

Percentile

95.5%

JSON

SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter.

CPENameOperatorVersion
e-smart_cart:e-smart_carte-smart carteq1.0

CPE	Name	Operator	Version
e-smart_cart:e-smart_cart	e-smart cart	eq	1.0

References

osvdb.org/31679

secunia.com/advisories/23610

www.vupen.com/english/advisories/2007/0036

exchange.xforce.ibmcloud.com/vulnerabilities/31243

www.exploit-db.com/exploits/3074

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.132 Low

EPSS

Percentile

95.5%

JSON

Related for CVE-2007-0092

prion2 cve1