PRIOn knowledge basePRION:CVE-2007-2599Sql injection
9.3 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
78.5%
Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to © openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or (3) the search parameter to search.php.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tutorialcms | le | 1.00 |
References
osvdb.org/35899
osvdb.org/35900
osvdb.org/35901
osvdb.org/35902
osvdb.org/35903
osvdb.org/35905
secunia.com/advisories/25222
www.securityfocus.com/bid/23905
www.vupen.com/english/advisories/2007/1742
www.wavelinkmedia.com/scripts/tutorialcms/
exchange.xforce.ibmcloud.com/vulnerabilities/34214
www.exploit-db.com/exploits/3887
9.3 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
78.5%