CVE-2007-1902

Опубликовано: 14 мая 2007

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in SonicBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) part and (2) by parameters to (a) search.php, or the (2) id parameter to (b) viewforum.php.

Ссылки

http://marc.info/?l=full-disclosure&m=117914598917534&w=2
http://secunia.com/advisories/25279
http://www.netvigilance.com/advisory0019
Exploit
Vendor Advisory
http://www.osvdb.org/33907
http://www.securityfocus.com/archive/1/468536/100/0/threaded
http://www.securityfocus.com/bid/23964
http://www.vupen.com/english/advisories/2007/1816
https://exchange.xforce.ibmcloud.com/vulnerabilities/34258
http://marc.info/?l=full-disclosure&m=117914598917534&w=2
http://secunia.com/advisories/25279
http://www.netvigilance.com/advisory0019
Exploit
Vendor Advisory
http://www.osvdb.org/33907
http://www.securityfocus.com/archive/1/468536/100/0/threaded
http://www.securityfocus.com/bid/23964
http://www.vupen.com/english/advisories/2007/1816
https://exchange.xforce.ibmcloud.com/vulnerabilities/34258

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sonicbb:sonicbb:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01379

Низкий

6.8 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-h9rc-xm3m-wx6m

github

почти 4 года назад