Lucene search

[email protected]CVE-2007-3526

HistoryJul 03, 2007 - 6:30 p.m.

CVE-2007-3526

2007-07-0318:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sql injection

buddy zone

remote attackers

security vulnerability

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.1%

JSON

Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the news_id parameter to view_news.php, (2) the cat_id parameter to view_events.php, or (3) the member_id parameter to video_gallery.php.

CPENameOperatorVersion
vastal_i-tech:buddy_zonevastal i-tech buddy zonele1.5

CPE	Name	Operator	Version
vastal_i-tech:buddy_zone	vastal i-tech buddy zone	le	1.5

References

osvdb.org/38960

osvdb.org/38961

osvdb.org/38962

www.securityfocus.com/bid/24726

exchange.xforce.ibmcloud.com/vulnerabilities/35187

www.exploit-db.com/exploits/4128

Social References

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.1%

JSON

Related for CVE-2007-3526

prion1