Lucene search

[email protected]CVE-2007-2305

HistoryApr 26, 2007 - 9:19 p.m.

CVE-2007-2305

2007-04-2621:19:00

[email protected]

web.nvd.nist.gov

sql injection

authenticate.php

qdblog 0.4

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.4%

JSON

Multiple SQL injection vulnerabilities in authenticate.php in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

Affected configurations

NVD

Node

qdblogqdblogRange≤0.4

CPENameOperatorVersion
qdblog:qdblogqdblogle0.4

CPE	Name	Operator	Version
qdblog:qdblog	qdblog	le	0.4

References

osvdb.org/35746

www.securityfocus.com/bid/23485

www.vupen.com/english/advisories/2007/1387

exchange.xforce.ibmcloud.com/vulnerabilities/33631

www.exploit-db.com/exploits/3729

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.4%

JSON

Related for CVE-2007-2305

prion1 cvelist1 nvd1