1. CVE-Search
  2. CVE-2007-2598
ID CVE-2007-2598
Summary SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:simplenews:simplenews:1.0.0_final:*:*:*:*:*:*:*
    cpe:2.3:a:simplenews:simplenews:1.0.0_final:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 14-02-2024 - 01:17)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 23904
exploit-db 3886
misc http://www.w4ck1ng.com/exploits/w4ck1ng_simplenews.txt
osvdb 35910
secunia 25223
vupen ADV-2007-1741
xf simplenews-print-sql-injection(34220)
Last major update 14-02-2024 - 01:17
Published 11-05-2007 - 10:19
Last modified 14-02-2024 - 01:17
Back to Top