Lucene search

PRIOn knowledge basePRION:CVE-2007-4918

HistorySep 17, 2007 - 5:17 p.m.

Sql injection

2007-09-1717:17:00

PRIOn knowledge base

www.prio-n.com

9.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.224 Low

EPSS

Percentile

96.4%

JSON

SQL injection vulnerability in classes/gelato.class.php in Gelato allows remote attackers to execute arbitrary SQL commands via the post parameter to index.php.

CPENameOperatorVersion
gelatocmseq0.95
gelatocmseq0.90

CPE	Name	Operator	Version
	gelatocms	eq	0.95
	gelatocms	eq	0.90

References

osvdb.org/37087

secunia.com/advisories/26785

securityreason.com/securityalert/3148

www.securityfocus.com/archive/1/479466/100/0/threaded

www.securityfocus.com/bid/25677

www.vupen.com/english/advisories/2007/3179

exchange.xforce.ibmcloud.com/vulnerabilities/36617

www.exploit-db.com/exploits/4410

9.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.224 Low

EPSS

Percentile

96.4%

JSON

Related for PRION:CVE-2007-4918

cve1