Lucene search

[email protected]CVE-2007-3175

HistoryJun 11, 2007 - 10:30 p.m.

CVE-2007-3175

2007-06-1122:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-3175

sql injection

w2b online banking

security vulnerability

remote execution

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

58.3%

JSON

Multiple SQL injection vulnerabilities in W2B Online Banking allow remote attackers to execute arbitrary SQL commands via (1) the draft parameter to mailer.w2b or (2) the listDocPay parameter to DocPay.w2b.

CPENameOperatorVersion
w2b:online_bankingw2b online bankingeq*

CPE	Name	Operator	Version
w2b:online_banking	w2b online banking	eq	*

References

osvdb.org/37466

osvdb.org/37467

pridels-team.blogspot.com/2007/05/w2b-online-banking-vuln.html

exchange.xforce.ibmcloud.com/vulnerabilities/34593

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

58.3%

JSON

Related for CVE-2007-3175

prion1