Lucene search

[email protected]CVE-2007-3402

HistoryJun 26, 2007 - 5:30 p.m.

CVE-2007-3402

2007-06-2617:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sql injection

pagetool

vulnerability

remote attack

nvd

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.5%

JSON

SQL injection vulnerability in index.php in pagetool 1.07 allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a pagetool_news action.

CPENameOperatorVersion
pagetool:pagetoolpagetooleq1.07

CPE	Name	Operator	Version
pagetool:pagetool	pagetool	eq	1.07

References

osvdb.org/38225

www.securityfocus.com/archive/1/488724/100/0/threaded

www.securityfocus.com/archive/1/488742/100/0/threaded

www.securityfocus.com/bid/24640

exchange.xforce.ibmcloud.com/vulnerabilities/35056

www.exploit-db.com/exploits/4107

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.5%

JSON

Related for CVE-2007-3402

cvelist1 prion1