Lucene search

[email protected]CVE-2007-6140

HistoryNov 27, 2007 - 7:46 p.m.

CVE-2007-6140

2007-11-2719:46:00

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

dora emlak 2.0

remote attackers

arbitrary commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.9%

JSON

Multiple SQL injection vulnerabilities in Dora Emlak 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) emlak_detay.asp and (b) haber_detay.asp, the (2) kategori parameter to © kategorisirala.asp, and the (3) tip parameter to (d) tipsirala.asp.

Affected configurations

NVD

Node

dora_emlakdora_emlakMatch2.0

CPENameOperatorVersion
dora_emlak:dora_emlakdora emlakeq2.0

CPE	Name	Operator	Version
dora_emlak:dora_emlak	dora emlak	eq	2.0

References

osvdb.org/38820

osvdb.org/38821

osvdb.org/38822

secunia.com/advisories/27812

www.packetstormsecurity.org/0711-exploits/dora-sql.txt

www.securityfocus.com/bid/26574

www.vupen.com/english/advisories/2007/4000

exchange.xforce.ibmcloud.com/vulnerabilities/38634

Social References

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.9%

JSON

Related for CVE-2007-6140

cvelist1 prion1 nvd1