Lucene search

[email protected]CVE-2007-3809

HistoryJul 17, 2007 - 12:30 a.m.

CVE-2007-3809

2007-07-1700:30:00

[email protected]

web.nvd.nist.gov

sql injection

prozilla directory script

remote code execution

vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

57.2%

JSON

Multiple SQL injection vulnerabilities in Prozilla Directory Script allow remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action to directory.php, and other unspecified vectors.

Affected configurations

NVD

Node

prozillaprozilla_directory_script

CPENameOperatorVersion
prozilla:prozilla_directory_scriptprozilla prozilla directory scripteq*

CPE	Name	Operator	Version
prozilla:prozilla_directory_script	prozilla prozilla directory script	eq	*

References

osvdb.org/36512

www.securityfocus.com/bid/24915

exchange.xforce.ibmcloud.com/vulnerabilities/35425

www.exploit-db.com/exploits/4185

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

57.2%

JSON

Related for CVE-2007-3809

nvd1 prion1 cvelist1