Lucene search

[email protected]CVE-2007-3824

HistoryJul 17, 2007 - 1:30 a.m.

CVE-2007-3824

2007-07-1701:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sql injection

vulnerability

mzk blog

remote attackers

sql commands

9.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

71.7%

JSON

SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows remote attackers to execute arbitrary SQL commands via the katID parameter.

CPENameOperatorVersion
mehmet_zati_karahan:mzk_blogmehmet zati karahan mzk blogeq*

CPE	Name	Operator	Version
mehmet_zati_karahan:mzk_blog	mehmet zati karahan mzk blog	eq	*

References

osvdb.org/36257

secunia.com/advisories/26070

www.packetstormsecurity.org/0707-exploits/mzkblog-sql.txt

www.securityfocus.com/bid/24909

www.vupen.com/english/advisories/2007/2542

exchange.xforce.ibmcloud.com/vulnerabilities/35424

9.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

71.7%

JSON

Related for CVE-2007-3824

prion1