CVE-2007-3979

Опубликовано: 25 июл. 2007

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

SQL injection vulnerability in index.php in BlogSite Professional (aka Blog System) 1.x allows remote attackers to execute arbitrary SQL commands via the news_id parameter.

Комментарий

Further information found at: http://secunia.com/advisories/26170/

Ссылки

http://osvdb.org/36278
http://secunia.com/advisories/26170
http://www.securityfocus.com/bid/24976
http://www.vupen.com/english/advisories/2007/2607
https://exchange.xforce.ibmcloud.com/vulnerabilities/35514
https://www.exploit-db.com/exploits/4206
http://osvdb.org/36278
http://secunia.com/advisories/26170
http://www.securityfocus.com/bid/24976
http://www.vupen.com/english/advisories/2007/2607
https://exchange.xforce.ibmcloud.com/vulnerabilities/35514
https://www.exploit-db.com/exploits/4206

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:netart_media:blog_system:*:*:*:*:*:*:*:*

Версия до 1.2 (включая)

EPSS

Процентиль: 76%

0.00929

Низкий

6.8 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-fpv5-2m85-w77h

github

почти 4 года назад