Lucene search

[email protected]CVE-2007-3684

HistoryJul 11, 2007 - 5:30 p.m.

CVE-2007-3684

2007-07-1117:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-3684

sql injection

unobtrusive ajax star rating bar

remote attackers

nvd

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.0%

JSON

Multiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating Bar before 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) q and (2) t parameters in (a) db.php and (b) rpc.php.

CPENameOperatorVersion
masuga_design:unobtrusive_ajax_star_rating_barmasuga design unobtrusive ajax star rating barle1.1.0

CPE	Name	Operator	Version
masuga_design:unobtrusive_ajax_star_rating_bar	masuga design unobtrusive ajax star rating bar	le	1.1.0

References

secunia.com/advisories/25985

www.cirt.net/advisories/unobtrusive_ajax_star_rating.shtml

www.osvdb.org/35933

www.osvdb.org/35934

www.securityfocus.com/bid/24840

exchange.xforce.ibmcloud.com/vulnerabilities/35328

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.0%

JSON

Related for CVE-2007-3684

prion1