Lucene search

[email protected]CVE-2007-1572

HistoryMar 21, 2007 - 9:19 p.m.

CVE-2007-1572

2007-03-2121:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sql injection

jgbbs 3.0

remote attack

arbitrary command execution

8.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

56.6%

JSON

SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter, a different vector than CVE-2007-1440. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CPENameOperatorVersion
sourceforge:jgbbssourceforge jgbbsle3.0

CPE	Name	Operator	Version
sourceforge:jgbbs	sourceforge jgbbs	le	3.0

References

www.vupen.com/english/advisories/2007/0940

8.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

56.6%

JSON

Related for CVE-2007-1572

cvelist2 prion2 cve1 securityvulns1