Lucene search

[email protected]CVE-2007-0527

HistoryJan 26, 2007 - 1:28 a.m.

CVE-2007-0527

2007-01-2601:28:00

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

website baker

security vulnerability

remote execution

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.4%

JSON

SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

website_bakerwebsite_bakerRange≤2.6.5

CPENameOperatorVersion
website_baker:website_bakerwebsite bakerle2.6.5

CPE	Name	Operator	Version
website_baker:website_baker	website baker	le	2.6.5

References

osvdb.org/32945

secunia.com/advisories/23828

securityreason.com/securityalert/2185

www.securityfocus.com/archive/1/457684/100/0/threaded

www.securityfocus.com/bid/22176

www.vupen.com/english/advisories/2007/0311

exchange.xforce.ibmcloud.com/vulnerabilities/31692

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.4%

JSON

Related for CVE-2007-0527

nvd1 cvelist1 nessus1 prion1 securityvulns1