Lucene search

[email protected]CVE-2007-3811

HistoryJul 17, 2007 - 12:30 a.m.

CVE-2007-3811

2007-07-1700:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

esyndicat

sql injection

vulnerability

cve-2007-3811

nvd

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.2%

JSON

Multiple SQL injection vulnerabilities in eSyndiCat allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php or (2) the name parameter to page.php.

CPENameOperatorVersion
esyndicat:esyndicat_directoryesyndicat esyndicat directoryeq1.6

CPE	Name	Operator	Version
esyndicat:esyndicat_directory	esyndicat esyndicat directory	eq	1.6

References

osvdb.org/36266

osvdb.org/36267

www.securityfocus.com/bid/24908

www.vupen.com/english/advisories/2007/2543

exchange.xforce.ibmcloud.com/vulnerabilities/35427

www.exploit-db.com/exploits/4183

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.2%

JSON

Related for CVE-2007-3811

prion1