Lucene search

[email protected]CVE-2007-6556

HistoryDec 28, 2007 - 12:46 a.m.

CVE-2007-6556

2007-12-2800:46:00

CWE-89

[email protected]

web.nvd.nist.gov

cve

sql injection

vulnerability

websihirbazi 5.1.1

remote attackers

nvd

9.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

42.7%

JSON

Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to default.asp in a news page action or (2) the pageid parameter to default.asp.

CPENameOperatorVersion
websihirbazi:websihirbaziwebsihirbazieq5.1.1

CPE	Name	Operator	Version
websihirbazi:websihirbazi	websihirbazi	eq	5.1.1

References

osvdb.org/39640

secunia.com/advisories/28206

www.securityfocus.com/bid/27031

exchange.xforce.ibmcloud.com/vulnerabilities/39216

www.exploit-db.com/exploits/4777

9.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

42.7%

JSON

Related for CVE-2007-6556

prion1