Lucene search

PRIOn knowledge basePRION:CVE-2007-2862

HistoryMay 24, 2007 - 7:30 p.m.

Sql injection

2007-05-2419:30:00

PRIOn knowledge base

www.prio-n.com

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.6%

JSON

Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and possibly cookie modification.

CPENameOperatorVersion
cubecarteq3.0.16

CPE	Name	Operator	Version
	cubecart	eq	3.0.16

References

osvdb.org/38100

securityreason.com/securityalert/2730

www.securityfocus.com/archive/1/469301/100/0/threaded

www.securityfocus.com/bid/24100

exchange.xforce.ibmcloud.com/vulnerabilities/34460

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.6%

JSON

Related for PRION:CVE-2007-2862

cve1