CVE-2007-1363

{"id": "CVE-2007-1363", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-04-11T22:19:00.000", "references": [{"url": "http://secunia.com/advisories/24861", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.cynops.de/advisories/CVE-2007-1363.txt", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.dropafew.com/sphpblog/comments.php?y=07&m=04&entry=entry070403-224437", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/23400", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33560", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24861", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.cynops.de/advisories/CVE-2007-1363.txt", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.dropafew.com/sphpblog/comments.php?y=07&m=04&entry=entry070403-224437", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/23400", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33560", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the delete action in (a) search.php or (b) search-pda.php, or the (2) calories parameter in a save action in editlogcal.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en DropAFew anterior a 0.2.1 permite a atacantes remotos ejecutar comandos sql de su elecci\u00f3n mediante el par\u00e1metro (1) id en la acci\u00f3n de borrado en (a) search.php o (b) search-pda.php, o el par\u00e1metro (2) calories en la acci\u00f3n de guardar en editlogcal.php."}], "lastModified": "2024-11-21T00:28:07.583", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dropafew:dropafew:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64C4B696-C5AF-4C47-91BB-B6EE202D6D89", "versionEndIncluding": "0.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}