Lucene search

[email protected]CVE-2007-5951

HistoryNov 14, 2007 - 1:46 a.m.

CVE-2007-5951

2007-11-1401:46:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2007-5951

sql injection

e-vendejo 0.2

remote attackers

nvd

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.032 Low

EPSS

Percentile

91.1%

JSON

SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CPENameOperatorVersion
e-vendejo:0.2e-vendejo 0.2eq*

CPE	Name	Operator	Version
e-vendejo:0.2	e-vendejo 0.2	eq	*

References

osvdb.org/38405

secunia.com/advisories/27517

www.ihteam.net/exploits/e-vendejo-0.2.txt

www.securityfocus.com/bid/26330

www.vupen.com/english/advisories/2007/3721

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.032 Low

EPSS

Percentile

91.1%

JSON

Related for CVE-2007-5951

prion1