Lucene search

[email protected]CVE-2007-3646

HistoryJul 10, 2007 - 5:30 p.m.

CVE-2007-3646

2007-07-1017:30:00

[email protected]

web.nvd.nist.gov

cve

2007

3646

sql injection

flashgamescript

remote attackers

arbitrary sql commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.4%

JSON

SQL injection vulnerability in index.php in FlashGameScript 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a member action.

Affected configurations

NVD

Node

flashgamescriptflashgamescriptMatch1.5.4

flashgamescriptflashgamescriptMatch1.7

CPENameOperatorVersion
flashgamescript:flashgamescriptflashgamescripteq1.5.4
flashgamescript:flashgamescriptflashgamescripteq1.7

CPE	Name	Operator	Version
flashgamescript:flashgamescript	flashgamescript	eq	1.5.4
flashgamescript:flashgamescript	flashgamescript	eq	1.7

References

flashgamescript.com/forum/viewtopic.php?t=425

osvdb.org/36297

secunia.com/advisories/25960

www.securityfocus.com/bid/24809

www.vupen.com/english/advisories/2007/2461

exchange.xforce.ibmcloud.com/vulnerabilities/35293

www.exploit-db.com/exploits/4161

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.4%

JSON

Related for CVE-2007-3646

prion1 cvelist1 nvd1