Lucene search

[email protected]CVE-2007-3065

HistoryJun 06, 2007 - 1:30 a.m.

CVE-2007-3065

2007-06-0601:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-3065

sql injection

viewimage.php

particle soft particle gallery 1.0.1

remote attackers

arbitrary sql commands

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.7%

JSON

SQL injection vulnerability in viewimage.php in Particle Soft Particle Gallery 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the editcomment parameter, a different version and vector than CVE-2006-2862.

CPENameOperatorVersion
particle_soft:particle_galleryparticle soft particle galleryeq1.0.1
particle_soft:particle_galleryparticle soft particle galleryeq1.0.0

CPE	Name	Operator	Version
particle_soft:particle_gallery	particle soft particle gallery	eq	1.0.1
particle_soft:particle_gallery	particle soft particle gallery	eq	1.0.0

References

osvdb.org/36309

secunia.com/advisories/25524

www.securityfocus.com/bid/24273

www.vupen.com/english/advisories/2007/2044

www.exploit-db.com/exploits/4019

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.7%

JSON

Related for CVE-2007-3065

prion2 cve1