Lucene search

[email protected]CVE-2007-5975

HistoryNov 15, 2007 - 12:46 a.m.

CVE-2007-5975

2007-11-1500:46:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2007-5975

sql injection

tbsource

tbdev

torrentstrike 0.4

remote authenticated users

nvd

8.8 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

64.3%

JSON

SQL injection vulnerability in index.php in TBSource, as used in (1) TBDev and (2) TorrentStrike 0.4, allows remote authenticated users to execute arbitrary SQL commands via the choice parameter. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
torrentstrike:torrentstriketorrentstrikeeq0.4

CPE	Name	Operator	Version
torrentstrike:torrentstrike	torrentstrike	eq	0.4

References

marc.info/?l=bugtraq&m=119472280121280&w=2

osvdb.org/38667

secunia.com/advisories/27566

www.securityfocus.com/archive/1/483552/100/0/threaded

www.securityfocus.com/bid/26415

exchange.xforce.ibmcloud.com/vulnerabilities/38402

8.8 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

64.3%

JSON

Related for CVE-2007-5975

prion1