Lucene search

[email protected]CVE-2007-2556

HistoryMay 09, 2007 - 6:19 p.m.

CVE-2007-2556

2007-05-0918:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-2556

sql injection

nuked-klan 1.7.6

x-forwarded-for

remote code execution

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.03 Low

EPSS

Percentile

90.9%

JSON

SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, as demonstrated by a request to the /nk/ URI.

CPENameOperatorVersion
nuked-klan:nuked-klannuked-klaneq1.7.6

CPE	Name	Operator	Version
nuked-klan:nuked-klan	nuked-klan	eq	1.7.6

References

osvdb.org/36931

secunia.com/advisories/25165

securityreason.com/securityalert/2665

www.securityfocus.com/archive/1/467750/100/0/threaded

www.securityfocus.com/bid/23835

www.vupen.com/english/advisories/2007/1662

exchange.xforce.ibmcloud.com/vulnerabilities/34116

www.exploit-db.com/exploits/3858

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.03 Low

EPSS

Percentile

90.9%

JSON

Related for CVE-2007-2556

cvelist1 dsquare1 prion1