Lucene search

[email protected]CVE-2007-2599

HistoryMay 11, 2007 - 10:19 a.m.

CVE-2007-2599

2007-05-1110:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-2599

sql injection

tutorialcms

photoshop tutorials

remote attackers

execute arbitrary sql commands

browsecat.php

browsesubcat.php

opentutorial.php

topframe.php

admin/editlisting.php

search.php

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.1%

JSON

Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to © openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or (3) the search parameter to search.php.

CPENameOperatorVersion
wavelink_media:tutorialcmswavelink media tutorialcmsle1.00

CPE	Name	Operator	Version
wavelink_media:tutorialcms	wavelink media tutorialcms	le	1.00

References

osvdb.org/35899

osvdb.org/35900

osvdb.org/35901

osvdb.org/35902

osvdb.org/35903

osvdb.org/35905

secunia.com/advisories/25222

www.securityfocus.com/bid/23905

www.vupen.com/english/advisories/2007/1742

www.wavelinkmedia.com/scripts/tutorialcms/

exchange.xforce.ibmcloud.com/vulnerabilities/34214

www.exploit-db.com/exploits/3887

Social References

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.1%

JSON

Related for CVE-2007-2599

prion1