Lucene search

[email protected]CVE-2007-1254

HistoryMar 03, 2007 - 8:19 p.m.

CVE-2007-1254

2007-03-0320:19:00

[email protected]

web.nvd.nist.gov

sql injection

vulnerability

connectix boards

part.userprofile.php

remote authenticated users

nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.5%

JSON

SQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the p_skin parameter to index.php.

Affected configurations

NVD

Node

connectixconnectix_boardsMatch0.4

connectixconnectix_boardsMatch0.4.1

connectixconnectix_boardsMatch0.4.2

connectixconnectix_boardsMatch0.4.3

connectixconnectix_boardsMatch0.4.4

connectixconnectix_boardsMatch0.5

connectixconnectix_boardsMatch0.5.1

connectixconnectix_boardsMatch0.5.2

connectixconnectix_boardsMatch0.5.3

connectixconnectix_boardsMatch0.5.4

connectixconnectix_boardsMatch0.5.5

connectixconnectix_boardsMatch0.6

connectixconnectix_boardsMatch0.6.1

connectixconnectix_boardsMatch0.7

CPENameOperatorVersion
connectix:connectix_boardsconnectix connectix boardseq0.4
connectix:connectix_boardsconnectix connectix boardseq0.4.1
connectix:connectix_boardsconnectix connectix boardseq0.4.2
connectix:connectix_boardsconnectix connectix boardseq0.4.3
connectix:connectix_boardsconnectix connectix boardseq0.4.4
connectix:connectix_boardsconnectix connectix boardseq0.5
connectix:connectix_boardsconnectix connectix boardseq0.5.1
connectix:connectix_boardsconnectix connectix boardseq0.5.2
connectix:connectix_boardsconnectix connectix boardseq0.5.3
connectix:connectix_boardsconnectix connectix boardseq0.5.4

CPE	Name	Operator	Version
connectix:connectix_boards	connectix connectix boards	eq	0.4
connectix:connectix_boards	connectix connectix boards	eq	0.4.1
connectix:connectix_boards	connectix connectix boards	eq	0.4.2
connectix:connectix_boards	connectix connectix boards	eq	0.4.3
connectix:connectix_boards	connectix connectix boards	eq	0.4.4
connectix:connectix_boards	connectix connectix boards	eq	0.5
connectix:connectix_boards	connectix connectix boards	eq	0.5.1
connectix:connectix_boards	connectix connectix boards	eq	0.5.2
connectix:connectix_boards	connectix connectix boards	eq	0.5.3
connectix:connectix_boards	connectix connectix boards	eq	0.5.4

Rows per page:

1-10 of 141

References

osvdb.org/33537

secunia.com/advisories/24255

securityreason.com/securityalert/2364

www.securityfocus.com/archive/1/460947/100/0/threaded

www.exploit-db.com/exploits/3352

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.5%

JSON

Related for CVE-2007-1254

prion1 cvelist1 nvd1 securityvulns1