Lucene search

[email protected]CVE-2007-3889

HistoryJul 18, 2007 - 11:30 p.m.

CVE-2007-3889

2007-07-1823:30:00

[email protected]

web.nvd.nist.gov

cve-2007-3889

sql injection

insanely simple blog

remote attackers

arbitrary sql commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.9%

JSON

Multiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the current_subsection parameter to index.php and other unspecified vectors.

Affected configurations

NVD

Node

insanely_simple_bloginsanely_simple_blogRange≤0.5

CPENameOperatorVersion
insanely_simple_blog:insanely_simple_bloginsanely simple blogle0.5

CPE	Name	Operator	Version
insanely_simple_blog:insanely_simple_blog	insanely simple blog	le	0.5

References

chroot.org/exploits/chroot_uu_010

secunia.com/advisories/26105

securityreason.com/securityalert/2904

www.securityfocus.com/archive/1/473868/100/0/threaded

www.securityfocus.com/archive/1/493224/100/0/threaded

www.securityfocus.com/bid/24934

exchange.xforce.ibmcloud.com/vulnerabilities/35450

www.exploit-db.com/exploits/5774

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.9%

JSON

Related for CVE-2007-3889

prion2 cvelist2 nvd2 cve1