Lucene search

[email protected]CVE-2007-0527

HistoryJan 26, 2007 - 1:28 a.m.

CVE-2007-0527

2007-01-2601:28:00

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

website baker

security vulnerability

remote execution

nvd

8.6 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.2%

JSON

SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
website_baker:website_bakerwebsite bakerle2.6.5

CPE	Name	Operator	Version
website_baker:website_baker	website baker	le	2.6.5

References

osvdb.org/32945

secunia.com/advisories/23828

securityreason.com/securityalert/2185

www.securityfocus.com/archive/1/457684/100/0/threaded

www.securityfocus.com/bid/22176

www.vupen.com/english/advisories/2007/0311

exchange.xforce.ibmcloud.com/vulnerabilities/31692

8.6 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.2%

JSON

Related for CVE-2007-0527

cvelist1 nessus1 prion1 securityvulns1