Lucene search

[email protected]CVE-2007-3183

HistoryJun 26, 2007 - 5:30 p.m.

CVE-2007-3183

2007-06-2617:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-3183

sql injection

calendarix

security vulnerability

nvd

8.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.5%

JSON

Multiple SQL injection vulnerabilities in Calendarix 0.7.20070307, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters to calendar.php and the (3) search string to cal_search.php.

CPENameOperatorVersion
vincent_hor:calendarixvincent hor calendarixeq0.7.2007-03-07

CPE	Name	Operator	Version
vincent_hor:calendarix	vincent hor calendarix	eq	0.7.2007-03-07

References

osvdb.org/35694

secunia.com/advisories/25795

securityreason.com/securityalert/2837

www.netvigilance.com/advisory0038

www.osvdb.org/35373

www.securityfocus.com/archive/1/472221/100/0/threaded

www.securityfocus.com/bid/24633

www.securitytracker.com/id?1018287

www.vupen.com/english/advisories/2007/2324

exchange.xforce.ibmcloud.com/vulnerabilities/35046

8.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.5%

JSON

Related for CVE-2007-3183

prion2 nessus1 securityvulns2 cve1