Lucene search

[email protected]CVE-2007-1425

HistoryMar 13, 2007 - 1:19 a.m.

CVE-2007-1425

2007-03-1301:19:00

[email protected]

web.nvd.nist.gov

cve-2007-1425

sql injection

triexa sonicmailer pro

remote execution

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.0%

JSON

SQL injection vulnerability in index.php in Triexa SonicMailer Pro 3.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the list parameter in an archive action.

Affected configurations

NVD

Node

triexasonicmailer_proRange≤3.2.3

CPENameOperatorVersion
triexa:sonicmailer_protriexa sonicmailer prole3.2.3

CPE	Name	Operator	Version
triexa:sonicmailer_pro	triexa sonicmailer pro	le	3.2.3

References

osvdb.org/33986

secunia.com/advisories/24474

www.securityfocus.com/bid/22920

www.vupen.com/english/advisories/2007/0905

www.exploit-db.com/exploits/3457

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.0%

JSON

Related for CVE-2007-1425

prion1 nvd1 cvelist1 securityvulns1