Lucene search

[email protected]CVE-2007-1122

HistoryFeb 27, 2007 - 2:28 a.m.

CVE-2007-1122

2007-02-2702:28:00

[email protected]

web.nvd.nist.gov

cve-2007-1122

sql injection

zephyrsoft

toolbox

address book

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

8.4 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

64.8%

JSON

Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 and 1.01 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php, a variant of a SQL injection issue that was fixed in 1.01. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

zephyrsoft_toolboxaddress_book_continuedMatch1.00

zephyrsoft_toolboxaddress_book_continuedMatch1.01

CPENameOperatorVersion
zephyrsoft_toolbox:address_book_continuedzephyrsoft toolbox address book continuedeq1.00
zephyrsoft_toolbox:address_book_continuedzephyrsoft toolbox address book continuedeq1.01

CPE	Name	Operator	Version
zephyrsoft_toolbox:address_book_continued	zephyrsoft toolbox address book continued	eq	1.00
zephyrsoft_toolbox:address_book_continued	zephyrsoft toolbox address book continued	eq	1.01

References

secunia.com/advisories/24269

sourceforge.net/project/downloading.php?group_id=153333&use_mirror=osdn&filename=abc-1.02.zip

www.securityfocus.com/bid/22685

www.vupen.com/english/advisories/2007/0715

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

8.4 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

64.8%

JSON

Related for CVE-2007-1122

prion1 cvelist1 nvd1 securityvulns1