Lucene search

MitreCVE-2007-0693

HistoryMay 30, 2007 - 8:30 p.m.

CVE-2007-0693

2007-05-3020:30:00

mitre

web.nvd.nist.gov

cve-2007-0693

sql injection

dgnews 2.1

remote attackers

arbitrary sql commands

xss

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.016

Percentile

87.8%

JSON

SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action. NOTE: this issue can produce resultant cross-site scripting (XSS).

Affected configurations

Nvd

Node

dian_gemilangdgnewsMatch1.5.1

dian_gemilangdgnewsMatch2.1

VendorProductVersionCPE
dian_gemilangdgnews1.5.1cpe:2.3:a:dian_gemilang:dgnews:1.5.1:*:*:*:*:*:*:*
dian_gemilangdgnews2.1cpe:2.3:a:dian_gemilang:dgnews:2.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dian_gemilang	dgnews	1.5.1	cpe:2.3:a:dian_gemilang:dgnews:1.5.1:::::::*
dian_gemilang	dgnews	2.1	cpe:2.3:a:dian_gemilang:dgnews:2.1:::::::*

References

secunia.com/advisories/25438

securityreason.com/securityalert/2740

www.netvigilance.com/advisory0022

www.osvdb.org/34227

www.securityfocus.com/archive/1/469828/100/0/threaded

www.securityfocus.com/bid/24201

www.vupen.com/english/advisories/2007/1981

exchange.xforce.ibmcloud.com/vulnerabilities/34539

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.016

Percentile

87.8%

JSON

Related for CVE-2007-0693