Lucene search

[email protected]CVE-2007-1163

HistoryMar 02, 2007 - 9:18 p.m.

CVE-2007-1163

2007-03-0221:18:00

CWE-89

[email protected]

web.nvd.nist.gov

cve

2007

sql injection

printview.php

webspell 4.01.02

remote attackers

nvd

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

58.8%

JSON

SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783.

CPENameOperatorVersion
webspell:webspellwebspelleq4.0
webspell:webspellwebspelleq4.01.00
webspell:webspellwebspellle4.01.02
webspell:webspellwebspelleq4.01.01

CPE	Name	Operator	Version
webspell:webspell	webspell	eq	4.0
webspell:webspell	webspell	eq	4.01.00
webspell:webspell	webspell	le	4.01.02
webspell:webspell	webspell	eq	4.01.01

References

osvdb.org/33231

secunia.com/advisories/24257

www.securityfocus.com/bid/22659

www.vupen.com/english/advisories/2007/0714

www.exploit-db.com/exploits/3351

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

58.8%

JSON

Related for CVE-2007-1163

prion2 cvelist4 cve3 securityvulns1