Lucene search

[email protected]CVE-2007-3691

HistoryJul 11, 2007 - 5:30 p.m.

CVE-2007-3691

2007-07-1117:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-3691

sql injection

changepw.php

av tutorial script

security vulnerability

nvd

8.8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

54.8%

JSON

Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial Script (avtutorial) 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) userid parameters, a different issue than CVE-2007-3630.

CPENameOperatorVersion
av_scripts:av_tutorial_scriptav scripts av tutorial scripteq1.0

CPE	Name	Operator	Version
av_scripts:av_tutorial_script	av scripts av tutorial script	eq	1.0

References

attrition.org/pipermail/vim/2007-July/001705.html

osvdb.org/36298

secunia.com/advisories/25969

exchange.xforce.ibmcloud.com/vulnerabilities/35487

8.8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

54.8%

JSON

Related for CVE-2007-3691

prion2 cve1