Lucene search

[email protected]CVE-2007-3345

HistoryJun 22, 2007 - 6:30 p.m.

CVE-2007-3345

2007-06-2218:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

sql injection

phpaccounts 0.5

security vulnerability

nvd

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

57.9%

JSON

Multiple SQL injection vulnerabilities in index.php in PHPAccounts 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) Outgoing_Type_ID, (2) Outgoing_ID, (3) Project_ID, (4) Client_ID, (5) Invoice_ID, or (6) Vendor_ID parameter.

CPENameOperatorVersion
php_accounts:php_accountsphp accountseq0.5

CPE	Name	Operator	Version
php_accounts:php_accounts	php accounts	eq	0.5

References

osvdb.org/35980

pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html

exchange.xforce.ibmcloud.com/vulnerabilities/35028

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

57.9%

JSON

Related for CVE-2007-3345

prion1