Lucene search

PRIOn knowledge basePRION:CVE-2007-4456

HistoryAug 21, 2007 - 9:17 p.m.

Sql injection

2007-08-2121:17:00

PRIOn knowledge base

www.prio-n.com

9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

64.3%

JSON

SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. NOTE: it was later reported that 2.40 is also affected, and that the component can be used in Joomla! in addition to Mambo.

CPENameOperatorVersion
simplefaqeq2.11
simplefaqeq2.40

CPE	Name	Operator	Version
	simplefaq	eq	2.11
	simplefaq	eq	2.40

References

secunia.com/advisories/26556

securityreason.com/securityalert/3041

www.securityfocus.com/archive/1/477174/100/0/threaded

www.securityfocus.com/archive/1/477232/100/0/threaded

www.securityfocus.com/bid/25376

exchange.xforce.ibmcloud.com/vulnerabilities/36113

www.exploit-db.com/exploits/4296

9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

64.3%

JSON

Related for PRION:CVE-2007-4456