ID CVE-2007-1304
Summary Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook 23.11.2006, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) country, (3) email, (4) website, and (5) message parameters.
References
Vulnerable Configurations
  • cpe:2.3:a:savas_place:savas_guestbook:2006-11-23:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 14-02-2024 - 01:17)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 22820
bugtraq 20070305 Sava's GuestBook Multiple Vulnerabilities
misc http://belsec.com/advisories/142/summary.html
secunia 24411
sreason 2350
xf savasguestbook-add2-sql-injection(32811)
Last major update 14-02-2024 - 01:17
Published 07-03-2007 - 00:19
Last modified 14-02-2024 - 01:17