Lucene search

MitreCVE-2007-1469

HistoryMar 16, 2007 - 9:19 p.m.

CVE-2007-1469

2007-03-1621:19:00

CWE-89

mitre

web.nvd.nist.gov

cve-2007-1469

sql injection

absolute image gallery 2.0

remote attackers

arbitrary sql commands

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.3

Confidence

Low

EPSS

0.002

Percentile

53.1%

JSON

SQL injection vulnerability in gallery.asp in Absolute Image Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action.

Affected configurations

Nvd

Node

xiglaabsolute_image_gallery_xeMatch2.0

VendorProductVersionCPE
xiglaabsolute_image_gallery_xe2.0cpe:2.3:a:xigla:absolute_image_gallery_xe:2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
xigla	absolute_image_gallery_xe	2.0	cpe:2.3:a:xigla:absolute_image_gallery_xe:2.0:::::::*

References

secunia.com/advisories/24543

securityreason.com/securityalert/2429

www.osvdb.org/34239

www.securityfocus.com/archive/1/462971/100/0/threaded

www.securityfocus.com/bid/22988

www.vupen.com/english/advisories/2007/1002

exchange.xforce.ibmcloud.com/vulnerabilities/33005

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.3

Confidence

Low

EPSS

0.002

Percentile

53.1%

JSON

Related for CVE-2007-1469