Lucene search

MitreCVE-2007-3430

HistoryJun 27, 2007 - 12:30 a.m.

CVE-2007-3430

2007-06-2700:30:00

mitre

web.nvd.nist.gov

cve

2007

3430

sql injection

simple invoices

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.008

Percentile

81.7%

JSON

SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 allows remote attackers to execute arbitrary SQL commands via the submit parameter in an email action.

Affected configurations

Nvd

Node

simple_invoicessimple_invoicesMatch2007-05-25

VendorProductVersionCPE
simple_invoicessimple_invoices2007-05-25cpe:2.3:a:simple_invoices:simple_invoices:2007-05-25:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
simple_invoices	simple_invoices	2007-05-25	cpe:2.3:a:simple_invoices:simple_invoices:2007-05-25:::::::*

References

osvdb.org/36293

secunia.com/advisories/25789

www.securityfocus.com/bid/24601

www.vupen.com/english/advisories/2007/2310

exchange.xforce.ibmcloud.com/vulnerabilities/35021

www.exploit-db.com/exploits/4098

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.008

Percentile

81.7%

JSON

Related for CVE-2007-3430