Lucene search

[email protected]CVE-2007-4956

HistorySep 18, 2007 - 8:17 p.m.

CVE-2007-4956

2007-09-1820:17:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2007-4956

sql injection

kwsphp

remote attack

security vulnerability

nvd

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

61.3%

JSON

Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php in a browser aff action in the stats module.

CPENameOperatorVersion
kwsphp:kwsphpkwsphpeq1.0

CPE	Name	Operator	Version
kwsphp:kwsphp	kwsphp	eq	1.0

References

koogar.alorys-hebergement.com/kwsphp/index.php?mod=news&ac=commentaires&id=29

osvdb.org/37180

osvdb.org/37182

secunia.com/advisories/26850

www.securityfocus.com/bid/25679

exchange.xforce.ibmcloud.com/vulnerabilities/36634

exchange.xforce.ibmcloud.com/vulnerabilities/36635

exchange.xforce.ibmcloud.com/vulnerabilities/36636

www.exploit-db.com/exploits/4412

www.exploit-db.com/exploits/4413

www.exploit-db.com/exploits/4414

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

61.3%

JSON

Related for CVE-2007-4956

prion2 cvelist2 cve1