Lucene search

[email protected]CVE-2007-1548

HistoryMar 20, 2007 - 10:19 p.m.

CVE-2007-1548

2007-03-2022:19:00

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

web wiz forums

vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.1%

JSON

SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via "’ (backslash double-quote quote) sequences, which are collapsed into '', as demonstrated via the name parameter to forum/pop_up_member_search.asp.

Affected configurations

NVD

Node

webwizguideweb_wiz_forumsRange≤8.05

webwizguideweb_wiz_forumsMatch5.21

webwizguideweb_wiz_forumsMatch5.22

webwizguideweb_wiz_forumsMatch6beta_1

webwizguideweb_wiz_forumsMatch6beta_2

webwizguideweb_wiz_forumsMatch6beta_3

webwizguideweb_wiz_forumsMatch6beta_4

webwizguideweb_wiz_forumsMatch6beta_5

webwizguideweb_wiz_forumsMatch6beta_6

webwizguideweb_wiz_forumsMatch6.0

webwizguideweb_wiz_forumsMatch6.10

webwizguideweb_wiz_forumsMatch6.11

webwizguideweb_wiz_forumsMatch6.12

webwizguideweb_wiz_forumsMatch6.20

webwizguideweb_wiz_forumsMatch6.21

webwizguideweb_wiz_forumsMatch6.22

webwizguideweb_wiz_forumsMatch6.23

webwizguideweb_wiz_forumsMatch6.24

webwizguideweb_wiz_forumsMatch6.25

webwizguideweb_wiz_forumsMatch6.26

webwizguideweb_wiz_forumsMatch6.27

webwizguideweb_wiz_forumsMatch6.28

webwizguideweb_wiz_forumsMatch6.29

webwizguideweb_wiz_forumsMatch6.30

webwizguideweb_wiz_forumsMatch6.32

webwizguideweb_wiz_forumsMatch6.33

webwizguideweb_wiz_forumsMatch6.34

webwizguideweb_wiz_forumsMatch7beta_4

webwizguideweb_wiz_forumsMatch7rc1

webwizguideweb_wiz_forumsMatch7.0

webwizguideweb_wiz_forumsMatch7.01

webwizguideweb_wiz_forumsMatch7.5

webwizguideweb_wiz_forumsMatch7.5beta_1

webwizguideweb_wiz_forumsMatch7.6

webwizguideweb_wiz_forumsMatch7.7

webwizguideweb_wiz_forumsMatch7.7a

webwizguideweb_wiz_forumsMatch7.8

webwizguideweb_wiz_forumsMatch7.9

webwizguideweb_wiz_forumsMatch7.51

webwizguideweb_wiz_forumsMatch7.51a

webwizguideweb_wiz_forumsMatch7.92

webwizguideweb_wiz_forumsMatch7.95

webwizguideweb_wiz_forumsMatch7.96

webwizguideweb_wiz_forumsMatch8beta_1

webwizguideweb_wiz_forumsMatch8beta_2

webwizguideweb_wiz_forumsMatch8rc1

webwizguideweb_wiz_forumsMatch8rc1.1

webwizguideweb_wiz_forumsMatch8.0

webwizguideweb_wiz_forumsMatch8.01

webwizguideweb_wiz_forumsMatch8.02

webwizguideweb_wiz_forumsMatch8.03

webwizguideweb_wiz_forumsMatch8.04

CPENameOperatorVersion
webwizguide:web_wiz_forumswebwizguide web wiz forumsle8.05
webwizguide:web_wiz_forumswebwizguide web wiz forumseq5.21
webwizguide:web_wiz_forumswebwizguide web wiz forumseq5.22
webwizguide:web_wiz_forumswebwizguide web wiz forumseq6
webwizguide:web_wiz_forumswebwizguide web wiz forumseq6.0
webwizguide:web_wiz_forumswebwizguide web wiz forumseq6.10
webwizguide:web_wiz_forumswebwizguide web wiz forumseq6.11
webwizguide:web_wiz_forumswebwizguide web wiz forumseq6.12
webwizguide:web_wiz_forumswebwizguide web wiz forumseq6.20
webwizguide:web_wiz_forumswebwizguide web wiz forumseq6.21

CPE	Name	Operator	Version
webwizguide:web_wiz_forums	webwizguide web wiz forums	le	8.05
webwizguide:web_wiz_forums	webwizguide web wiz forums	eq	5.21
webwizguide:web_wiz_forums	webwizguide web wiz forums	eq	5.22
webwizguide:web_wiz_forums	webwizguide web wiz forums	eq	6
webwizguide:web_wiz_forums	webwizguide web wiz forums	eq	6.0
webwizguide:web_wiz_forums	webwizguide web wiz forums	eq	6.10
webwizguide:web_wiz_forums	webwizguide web wiz forums	eq	6.11
webwizguide:web_wiz_forums	webwizguide web wiz forums	eq	6.12
webwizguide:web_wiz_forums	webwizguide web wiz forums	eq	6.20
webwizguide:web_wiz_forums	webwizguide web wiz forums	eq	6.21

Rows per page:

1-10 of 421

References

ifsec.blogspot.com/2007/03/web-wiz-forums-805-mysql-version-sql.html

osvdb.org/34344

secunia.com/advisories/24561

securityreason.com/securityalert/2456

www.securityfocus.com/archive/1/463287/100/0/threaded

www.securityfocus.com/bid/23051

www.vupen.com/english/advisories/2007/1061

www.webwizguide.info/web_wiz_forums/Version%20History.txt

exchange.xforce.ibmcloud.com/vulnerabilities/33095

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.1%

JSON

Related for CVE-2007-1548

cvelist1 prion1 nvd1 securityvulns1