Lucene search

[email protected]CVE-2007-0970

HistoryFeb 16, 2007 - 1:28 a.m.

CVE-2007-0970

2007-02-1601:28:00

[email protected]

web.nvd.nist.gov

cve

sql injection

webtester

security vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.7%

JSON

Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to execute arbitrary SQL commands via the testID parameter to directions.php, and unspecified parameters to other files that accept GET or POST input.

Affected configurations

NVD

Node

webtesterwebtesterRange≤5.0_2006-09-27

CPENameOperatorVersion
webtester:webtesterwebtesterle5.0_2006-09-27

CPE	Name	Operator	Version
webtester:webtester	webtester	le	5.0_2006-09-27

References

osvdb.org/33203

osvdb.org/33204

secunia.com/advisories/24157

securityreason.com/securityalert/2261

www.securityfocus.com/archive/1/460078/100/0/threaded

www.securityfocus.com/bid/22559

www.vupen.com/english/advisories/2007/0633

exchange.xforce.ibmcloud.com/vulnerabilities/32490

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.7%

JSON

Related for CVE-2007-0970

nvd1 prion1 cvelist1 securityvulns1