Lucene search

[email protected]CVE-2007-3631

HistoryJul 10, 2007 - 12:30 a.m.

CVE-2007-3631

2007-07-1000:30:00

[email protected]

web.nvd.nist.gov

sql injection

index.php

gamesitescript

vulnerability

nvd

cve-2007-3631

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.7%

JSON

SQL injection vulnerability in index.php in GameSiteScript (gss) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the params parameter, related to missing input validation of the id field.

Affected configurations

NVD

Node

gamesitescriptgamesitescriptRange≤3.1

CPENameOperatorVersion
gamesitescript:gamesitescriptgamesitescriptle3.1

CPE	Name	Operator	Version
gamesitescript:gamesitescript	gamesitescript	le	3.1

References

osvdb.org/36362

secunia.com/advisories/25983

www.securityfocus.com/bid/24807

www.vupen.com/english/advisories/2007/2460

exchange.xforce.ibmcloud.com/vulnerabilities/35292

www.exploit-db.com/exploits/4159

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.7%

JSON

Related for CVE-2007-3631

prion1 cvelist1 nvd1