Lucene search

[email protected]CVE-2007-1909

HistoryApr 10, 2007 - 11:19 p.m.

CVE-2007-1909

2007-04-1023:19:00

[email protected]

web.nvd.nist.gov

cve-2007-1909

sql injection

vulnerability

ryan haudenschilt

battle.net clan script

php

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.197 Low

EPSS

Percentile

96.3%

JSON

SQL injection vulnerability in login.php in Ryan Haudenschilt Battle.net Clan Script for PHP 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) pass parameter.

Affected configurations

NVD

Node

ryan_haudenschiltbattle.net_clan_scriptphp

CPENameOperatorVersion
ryan_haudenschilt:battle.net_clan_scriptryan haudenschilt battle.net clan scripteq*

CPE	Name	Operator	Version
ryan_haudenschilt:battle.net_clan_script	ryan haudenschilt battle.net clan script	eq	*

References

osvdb.org/34747

secunia.com/advisories/24838

www.securityfocus.com/bid/23383

www.vupen.com/english/advisories/2007/1313

www.exploit-db.com/exploits/3691

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.197 Low

EPSS

Percentile

96.3%

JSON

Related for CVE-2007-1909

nvd1 prion1 cvelist1 securityvulns1