Lucene search

[email protected]CVE-2007-6164

HistoryNov 29, 2007 - 1:46 a.m.

CVE-2007-6164

2007-11-2901:46:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2007-6164

sql injection

eurologon cms

remote attackers

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.6 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.4%

JSON

Multiple SQL injection vulnerabilities in Eurologon CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) reviews.php, (2) links.php and (3) articles.php.

Affected configurations

NVD

Node

eurologoneurologon_cms

CPENameOperatorVersion
eurologon:eurologon_cmseurologon eurologon cmseq*

CPE	Name	Operator	Version
eurologon:eurologon_cms	eurologon eurologon cms	eq	*

References

www.securityfocus.com/archive/1/484275/100/0/threaded

www.securityfocus.com/bid/26599

exchange.xforce.ibmcloud.com/vulnerabilities/38656

www.exploit-db.com/exploits/4665

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.6 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.4%

JSON

Related for CVE-2007-6164

cvelist1 prion1 nvd1