Lucene search

[email protected]CVE-2007-4055

HistoryJul 30, 2007 - 5:30 p.m.

CVE-2007-4055

2007-07-3017:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-4055

sql injection

simpleblog 3.0

remote attackers

arbitrary commands

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.189 Low

EPSS

Percentile

96.2%

JSON

SQL injection vulnerability in comments_get.asp in SimpleBlog 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this may be related to CVE-2006-4300.

CPENameOperatorVersion
8pixel.net:simple_blog8pixel.net simple blogeq3.0

CPE	Name	Operator	Version
8pixel.net:simple_blog	8pixel.net simple blog	eq	3.0

References

osvdb.org/37268

www.securityfocus.com/bid/25123

www.vupen.com/english/advisories/2007/2694

exchange.xforce.ibmcloud.com/vulnerabilities/35677

www.exploit-db.com/exploits/4239

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.189 Low

EPSS

Percentile

96.2%

JSON

Related for CVE-2007-4055

prion1 cve1