Lucene search

[email protected]CVE-2007-1121

HistoryFeb 27, 2007 - 2:28 a.m.

CVE-2007-1121

2007-02-2702:28:00

[email protected]

web.nvd.nist.gov

sql injection

mathis dirksen-thedens

zephyrsoft

toolbox

address book continued

abc 1.00

remote attackers

arbitrary sql commands

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

8.5 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.6%

JSON

Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

zephyrsoft_toolboxaddress_book_continuedMatch1.00

zephyrsoft_toolboxaddress_book_continuedMatch1.01

CPENameOperatorVersion
zephyrsoft_toolbox:address_book_continuedzephyrsoft toolbox address book continuedeq1.00
zephyrsoft_toolbox:address_book_continuedzephyrsoft toolbox address book continuedeq1.01

CPE	Name	Operator	Version
zephyrsoft_toolbox:address_book_continued	zephyrsoft toolbox address book continued	eq	1.00
zephyrsoft_toolbox:address_book_continued	zephyrsoft toolbox address book continued	eq	1.01

References

secunia.com/advisories/24269

sourceforge.net/project/shownotes.php?release_id=488406

www.securityfocus.com/bid/22685

www.vupen.com/english/advisories/2007/0715

exchange.xforce.ibmcloud.com/vulnerabilities/32665

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

8.5 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.6%

JSON

Related for CVE-2007-1121

cvelist1 prion1 nvd1 securityvulns1