Lucene search

[email protected]CVE-2007-0812

HistoryFeb 07, 2007 - 11:28 a.m.

CVE-2007-0812

2007-02-0711:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-0812

sql injection

pms.php

woltlab burning board

wbb lite 1.0.2pl3e

8.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.2%

JSON

SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) Lite 1.0.2pl3e and earlier allows remote authenticated users to execute arbitrary SQL commands via the pmid[0] parameter.

CPENameOperatorVersion
woltlab:burning_board_litewoltlab burning board liteeq1.0.2
woltlab:burning_board_litewoltlab burning board liteeq1.0.2_pl3e
woltlab:burning_board_litewoltlab burning board liteeq1.0.1e
woltlab:burning_board_litewoltlab burning board liteeq1.0.0

CPE	Name	Operator	Version
woltlab:burning_board_lite	woltlab burning board lite	eq	1.0.2
woltlab:burning_board_lite	woltlab burning board lite	eq	1.0.2_pl3e
woltlab:burning_board_lite	woltlab burning board lite	eq	1.0.1e
woltlab:burning_board_lite	woltlab burning board lite	eq	1.0.0

References

osvdb.org/32034

secunia.com/advisories/24027

www.securityfocus.com/bid/22415

www.vupen.com/english/advisories/2007/0491

exchange.xforce.ibmcloud.com/vulnerabilities/32172

www.exploit-db.com/exploits/3262

8.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.2%

JSON

Related for CVE-2007-0812

prion1 cvelist1 securityvulns1