Lucene search

[email protected]CVE-2007-3354

HistoryJun 22, 2007 - 6:30 p.m.

CVE-2007-3354

2007-06-2218:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

sql injection

netclassifieds

security vulnerability

remote attack

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.5%

JSON

Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition allow remote attackers to execute arbitrary SQL commands via the s_user_id parameter to ViewCat.php and other unspecified vectors. NOTE: the CatID/ViewCat.php, CatID/gallery.php, and ItemNum/ViewItem.php vectors are already covered by CVE-2005-3978.

CPENameOperatorVersion
scriptdevelopers.net:netclassifiedsscriptdevelopers.net netclassifiedseq1.0.1
scriptdevelopers.net:netclassifiedsscriptdevelopers.net netclassifiedseq1.5.1
scriptdevelopers.net:netclassifiedsscriptdevelopers.net netclassifiedseq1.9.6.3

CPE	Name	Operator	Version
scriptdevelopers.net:netclassifieds	scriptdevelopers.net netclassifieds	eq	1.0.1
scriptdevelopers.net:netclassifieds	scriptdevelopers.net netclassifieds	eq	1.5.1
scriptdevelopers.net:netclassifieds	scriptdevelopers.net netclassifieds	eq	1.9.6.3

References

osvdb.org/36330

securityreason.com/securityalert/2824

www.securityfocus.com/archive/1/471944/100/0/threaded

www.securityfocus.com/bid/24584

exchange.xforce.ibmcloud.com/vulnerabilities/34994

Social References

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.5%

JSON

Related for CVE-2007-3354

prion1 cve1