Lucene search

[email protected]CVE-2007-3250

HistoryJun 18, 2007 - 10:30 a.m.

CVE-2007-3250

2007-06-1810:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-3250

sql injection

mod_banners.php

elxis cms

security vulnerability

remote attackers

arbitrary commands

nvd

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.7%

JSON

SQL injection vulnerability in mod_banners.php in Elxis CMS before 2006.4 20070613 allows remote attackers to execute arbitrary SQL commands via the mb_tracker cookie. NOTE: the product was patched without updating the version number; later downloads of 2006.4 are not affected.

CPENameOperatorVersion
elxis:elxis_cmselxis elxis cmseq2006.3
elxis:elxis_cmselxis elxis cmseq2006.2
elxis:elxis_cmselxis elxis cmseq2006.1
elxis:elxis_cmselxis elxis cmseq2006.4

CPE	Name	Operator	Version
elxis:elxis_cms	elxis elxis cms	eq	2006.3
elxis:elxis_cms	elxis elxis cms	eq	2006.2
elxis:elxis_cms	elxis elxis cms	eq	2006.1
elxis:elxis_cms	elxis elxis cms	eq	2006.4

References

osvdb.org/36305

secunia.com/advisories/25684

securityreason.com/securityalert/2806

www.elxis.org/index.php?option=com_mtree&task=viewlink&link_id=98&Itemid=140

www.securityfocus.com/archive/1/471399/100/0/threaded

www.securityfocus.com/bid/24478

www.vupen.com/english/advisories/2007/2218

exchange.xforce.ibmcloud.com/vulnerabilities/34873

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.7%

JSON

Related for CVE-2007-3250

cvelist1 prion1