Lucene search

[email protected]CVE-2007-4359

HistoryAug 15, 2007 - 7:17 p.m.

CVE-2007-4359

2007-08-1519:17:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

security

sql injection

skilmatch

nvd

cve-2007-4359

9.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.6%

JSON

Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems JobLister3 allow remote attackers to execute arbitrary SQL commands via (1) the search form or (2) the jobid parameter to index.php in a showbyID action.

CPENameOperatorVersion
skilmatch_staffing_systems:joblister3skilmatch staffing systems joblister3eq*

CPE	Name	Operator	Version
skilmatch_staffing_systems:joblister3	skilmatch staffing systems joblister3	eq	*

References

osvdb.org/36416

secunia.com/advisories/26440

securityreason.com/securityalert/3013

www.securityfocus.com/archive/1/476282/100/0/threaded

www.securityfocus.com/bid/25296

exchange.xforce.ibmcloud.com/vulnerabilities/36052

9.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.6%

JSON

Related for CVE-2007-4359

prion1