Lucene search

[email protected]CVE-2007-4109

HistoryJul 31, 2007 - 10:17 a.m.

CVE-2007-4109

2007-07-3110:17:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-4109

sql injection

sign_in.aspx

webstore

nvd

vulnerability

online store

application template

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.9%

JSON

SQL injection vulnerability in sign_in.aspx in WebStore (Online Store Application Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter.

CPENameOperatorVersion
codewidgets:online_event_registration_templatecodewidgets online event registration templateeq*

CPE	Name	Operator	Version
codewidgets:online_event_registration_template	codewidgets online event registration template	eq	*

References

outlaw.aria-security.info/?p=10

secunia.com/advisories/26237

securityreason.com/securityalert/2947

www.securityfocus.com/archive/1/474932/100/0/threaded

www.securityfocus.com/bid/25112

exchange.xforce.ibmcloud.com/vulnerabilities/35669

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.9%

JSON

Related for CVE-2007-4109

prion1