Lucene search

[email protected]CVE-2007-4069

HistoryJul 30, 2007 - 5:30 p.m.

CVE-2007-4069

2007-07-3017:30:00

[email protected]

web.nvd.nist.gov

cve-2007-4069

sql injection

indexscript 2.8

vulnerability

remote attackers

arbitrary sql commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.4%

JSON

SQL injection vulnerability in show_cat.php in IndexScript 2.8 and earlier allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

Affected configurations

NVD

Node

index_scriptindex_scriptMatch2.8

CPENameOperatorVersion
index_script:index_scriptindex scripteq2.8

CPE	Name	Operator	Version
index_script:index_script	index script	eq	2.8

References

osvdb.org/36285

secunia.com/advisories/26218

www.indexscript.com/forum/showthread.php?t=2266

www.securityfocus.com/bid/25064

www.vupen.com/english/advisories/2007/2696

exchange.xforce.ibmcloud.com/vulnerabilities/35592

www.exploit-db.com/exploits/4225

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.4%

JSON

Related for CVE-2007-4069

cvelist3 prion3 nvd3 cve2