Lucene search

[email protected]CVE-2007-3452

HistoryJun 27, 2007 - 12:30 a.m.

CVE-2007-3452

2007-06-2700:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-3452

sql injection

edocstore

remote attack

vulnerability

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.139 Low

EPSS

Percentile

95.6%

JSON

SQL injection vulnerability in essentials/minutes/doc.php in eDocStore allows remote attackers to execute arbitrary SQL commands via the doc_id parameter in an inline action.

CPENameOperatorVersion
edocstore:edocstoreedocstoreeq*

CPE	Name	Operator	Version
edocstore:edocstore	edocstore	eq	*

References

osvdb.org/36292

secunia.com/advisories/25831

www.vupen.com/english/advisories/2007/2327

exchange.xforce.ibmcloud.com/vulnerabilities/35057

www.exploit-db.com/exploits/4108

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.139 Low

EPSS

Percentile

95.6%

JSON

Related for CVE-2007-3452

prion1