Lucene search

[email protected]CVE-2007-6658

HistoryJan 04, 2008 - 11:46 a.m.

CVE-2007-6658

2008-01-0411:46:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2007-6658

sql injection

admin.php

vars.php

customcms

ccms 3.1 demo

remote attack

arbitrary sql commands

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

46.2%

JSON

SQL injection vulnerability in admin.php/vars.php in CustomCMS (CCMS) 3.1 Demo allows remote attackers to execute arbitrary SQL commands via the p parameter in the Console page.

CPENameOperatorVersion
customcms:ccmscustomcms ccmseq3.1

CPE	Name	Operator	Version
customcms:ccms	customcms ccms	eq	3.1

References

osvdb.org/39894

securityreason.com/securityalert/3510

www.securityfocus.com/archive/1/485633/100/0/threaded

www.securityfocus.com/bid/27069

exchange.xforce.ibmcloud.com/vulnerabilities/39317

www.exploit-db.com/exploits/4809

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

46.2%

JSON

Related for CVE-2007-6658

prion1