Lucene search

[email protected]CVE-2007-1163

HistoryMar 02, 2007 - 9:18 p.m.

CVE-2007-1163

2007-03-0221:18:00

CWE-89

[email protected]

web.nvd.nist.gov

cve

2007

sql injection

printview.php

webspell 4.01.02

remote attackers

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

84.1%

JSON

SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783.

Affected configurations

NVD

Node

webspellwebspellRange≤4.01.02

webspellwebspellMatch4.0

webspellwebspellMatch4.01.00

webspellwebspellMatch4.01.01

CPENameOperatorVersion
webspell:webspellwebspellle4.01.02
webspell:webspellwebspelleq4.0
webspell:webspellwebspelleq4.01.00
webspell:webspellwebspelleq4.01.01

CPE	Name	Operator	Version
webspell:webspell	webspell	le	4.01.02
webspell:webspell	webspell	eq	4.0
webspell:webspell	webspell	eq	4.01.00
webspell:webspell	webspell	eq	4.01.01

References

osvdb.org/33231

secunia.com/advisories/24257

www.securityfocus.com/bid/22659

www.vupen.com/english/advisories/2007/0714

www.exploit-db.com/exploits/3351

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

84.1%

JSON

Related for CVE-2007-1163

nvd4 prion2 cvelist4 cve3 securityvulns1