Lucene search

[email protected]CVE-2007-2299

HistoryApr 26, 2007 - 9:19 p.m.

CVE-2007-2299

2007-04-2621:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-2299

sql injection

frogss cms

security vulnerability

remote attack

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

82.0%

JSON

Multiple SQL injection vulnerabilities in Frogss CMS 0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) dzial parameter to (a) katalog.php, or the (2) t parameter to (b) forum.php or © forum/viewtopic.php, different vectors than CVE-2006-4536.

CPENameOperatorVersion
frogss:frogss_cmsfrogss frogss cmsle0.7

CPE	Name	Operator	Version
frogss:frogss_cms	frogss frogss cms	le	0.7

References

osvdb.org/35526

osvdb.org/35527

osvdb.org/35528

www.securityfocus.com/bid/23476

www.vupen.com/english/advisories/2007/1388

exchange.xforce.ibmcloud.com/vulnerabilities/33640

www.exploit-db.com/exploits/3731

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

82.0%

JSON

Related for CVE-2007-2299

prion1 cve1