Lucene search

MitreCVE-2007-0266

HistoryJan 16, 2007 - 11:28 p.m.

CVE-2007-0266

2007-01-1623:28:00

mitre

web.nvd.nist.gov

cve-2007-0266

sql injection

vulnerability

ezboxx portal system

web script

html

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

High

EPSS

0.011

Percentile

84.3%

JSON

SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the iid parameter.

Affected configurations

Nvd

Node

ezboxxezboxx_portal_systemRange≤beta_0.7.6

VendorProductVersionCPE
ezboxxezboxx_portal_system*cpe:2.3:a:ezboxx:ezboxx_portal_system:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ezboxx	ezboxx_portal_system	*	cpe:2.3:a:ezboxx:ezboxx_portal_system::::::::

References

osvdb.org/32825

osvdb.org/33466

secunia.com/advisories/23759

www.bugsec.com/articles.php?Security=20

www.securityfocus.com/archive/1/456699/100/0/threaded

www.vupen.com/english/advisories/2007/0208

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

High

EPSS

0.011

Percentile

84.3%

JSON

Related for CVE-2007-0266