Lucene search

[email protected]CVE-2007-6559

HistoryDec 28, 2007 - 12:46 a.m.

CVE-2007-6559

2007-12-2800:46:00

CWE-89

[email protected]

web.nvd.nist.gov

logaholic

sql injection

security vulnerability

remote code execution

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

49.9%

JSON

Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to execute arbitrary SQL commands via (1) the from parameter to index.php or (2) the page parameter to update.php.

Affected configurations

NVD

Node

logaholiclogaholicMatch0

CPENameOperatorVersion
logaholic:logaholiclogaholiceq0

CPE	Name	Operator	Version
logaholic:logaholic	logaholic	eq	0

References

osvdb.org/39790

osvdb.org/39791

secunia.com/advisories/28263

securityreason.com/securityalert/3496

www.securityfocus.com/archive/1/485480/100/0/threaded

www.securityfocus.com/archive/1/490101/100/0/threaded

www.securityfocus.com/bid/27003

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

49.9%

JSON

Related for CVE-2007-6559

cvelist1 nvd1 openvas2 prion1