Lucene search

[email protected]CVE-2007-3979

HistoryJul 25, 2007 - 5:30 p.m.

CVE-2007-3979

2007-07-2517:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-3979

sql injection

blogsite professional

blog system

1.x

9.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

84.0%

JSON

SQL injection vulnerability in index.php in BlogSite Professional (aka Blog System) 1.x allows remote attackers to execute arbitrary SQL commands via the news_id parameter.

CPENameOperatorVersion
netart_media:blog_systemnetart media blog systemle1.2

CPE	Name	Operator	Version
netart_media:blog_system	netart media blog system	le	1.2

References

osvdb.org/36278

secunia.com/advisories/26170

www.securityfocus.com/bid/24976

www.vupen.com/english/advisories/2007/2607

exchange.xforce.ibmcloud.com/vulnerabilities/35514

www.exploit-db.com/exploits/4206

9.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

84.0%

JSON

Related for CVE-2007-3979

prion1 cvelist1