CVE-2007-6004

{"id": "CVE-2007-6004", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-11-15T22:46:00.000", "references": [{"url": "http://www.securityfocus.com/bid/26433", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/3906", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38449", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/4623", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an artikel action or (2) the katid parameter in a produk action."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en index.php de Toko Instan 7.6 permite a atacantes remotos ejecutar comandos sql de su elecci\u00f3n mediante los par\u00e1metros (1) id o (2) katid en una acci\u00f3n produk."}], "lastModified": "2017-09-29T01:29:46.597", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:toko:instan:7.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EB817E7-6B8B-48EA-A26B-2F54EC2E54CE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}