CVE-2007-1304 in Savas Guestbookinformazioni

Riassunto

di MITRE

Multiple SQL injection vulnerabilities in add2.php in Sava s Guestbook 23.11.2006, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) country, (3) email, (4) website, and (5) message parameters.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

06/03/2007

Divulgazione

06/03/2007

Moderazione

accettato

Voce

VDB-35467

CPE

pronto

CWE

CWE-89 (confermato)

CVSS

7.3 (VulDB)

EPSS

0.01177

KEV

Attività

molto basso

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2007-1304
NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-1304
CVE Details	https://www.cvedetails.com/cve/CVE-2007-1304/

◂ Precedente Visione D'ensemble Il prossimo ▸

Interested in the pricing of exploits?

See the underground prices here!