Lucene search

[email protected]CVE-2007-0970

HistoryFeb 16, 2007 - 1:28 a.m.

CVE-2007-0970

2007-02-1601:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

sql injection

webtester

security vulnerability

nvd

8.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.3%

JSON

Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to execute arbitrary SQL commands via the testID parameter to directions.php, and unspecified parameters to other files that accept GET or POST input.

CPENameOperatorVersion
webtester:webtesterwebtesterle5.0_2006-09-27

CPE	Name	Operator	Version
webtester:webtester	webtester	le	5.0_2006-09-27

References

osvdb.org/33203

osvdb.org/33204

secunia.com/advisories/24157

securityreason.com/securityalert/2261

www.securityfocus.com/archive/1/460078/100/0/threaded

www.securityfocus.com/bid/22559

www.vupen.com/english/advisories/2007/0633

exchange.xforce.ibmcloud.com/vulnerabilities/32490

8.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.3%

JSON

Related for CVE-2007-0970

prion1 securityvulns1