Lucene search

[email protected]CVE-2007-2339

HistoryApr 27, 2007 - 4:19 p.m.

CVE-2007-2339

2007-04-2716:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-2339

sql injection

phorum

remote attackers

arbitrary commands

nvd

9.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.017 Low

EPSS

Percentile

87.6%

JSON

Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or © banlist module in admin.php; or (3) the “Edit groups / Add group” field in the (d) groups module in admin.php.

CPENameOperatorVersion
phorum:phorumphorumle5.1.20

CPE	Name	Operator	Version
phorum:phorum	phorum	le	5.1.20

References

osvdb.org/35062

osvdb.org/35063

osvdb.org/35064

secunia.com/advisories/24932

securityreason.com/securityalert/2617

securitytracker.com/id?1017936

www.phorum.org/story.php?76

www.securityfocus.com/archive/1/466286/100/0/threaded

www.securityfocus.com/bid/23616

www.vupen.com/english/advisories/2007/1479

www.waraxe.us/advisory-49.html

exchange.xforce.ibmcloud.com/vulnerabilities/34081

9.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.017 Low

EPSS

Percentile

87.6%

JSON

Related for CVE-2007-2339

prion1 cvelist1