Lucene search

[email protected]CVE-2007-3214

HistoryJun 14, 2007 - 10:30 p.m.

CVE-2007-3214

2007-06-1422:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-3214

sql injection

e-vision cms

security vulnerability

nvd

9.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.7%

JSON

SQL injection vulnerability in style.php in e-Vision CMS 2.02 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the template parameter.

CPENameOperatorVersion
e-vision:e-vision_cmse-vision e-vision cmsle2.02

CPE	Name	Operator	Version
e-vision:e-vision_cms	e-vision e-vision cms	le	2.02

References

osvdb.org/36607

secunia.com/advisories/25605

www.securityfocus.com/bid/24398

www.vupen.com/english/advisories/2007/2123

exchange.xforce.ibmcloud.com/vulnerabilities/34793

www.exploit-db.com/exploits/4054

9.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.7%

JSON

Related for CVE-2007-3214

prion1