Lucene search

[email protected]CVE-2007-1960

HistoryApr 11, 2007 - 10:19 a.m.

CVE-2007-1960

2007-04-1110:19:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2007-1960

sql injection

rha7 downloads

xoops

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

38.9%

JSON

SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter.

Affected configurations

NVD

Node

xoopsrha7_downloads_moduleMatch1.0

xoopsrha7_downloads_moduleMatch1.10

CPENameOperatorVersion
xoops:rha7_downloads_modulexoops rha7 downloads moduleeq1.0
xoops:rha7_downloads_modulexoops rha7 downloads moduleeq1.10

CPE	Name	Operator	Version
xoops:rha7_downloads_module	xoops rha7 downloads module	eq	1.0
xoops:rha7_downloads_module	xoops rha7 downloads module	eq	1.10

References

osvdb.org/34460

secunia.com/advisories/24790

www.securityfocus.com/bid/23320

www.exploit-db.com/exploits/3666

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

38.9%

JSON

Related for CVE-2007-1960

nvd2 prion2 cvelist2 cve1 securityvulns1