CVE Vulnerability

CVE-2007-1363

Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the delete action in (a) search.php or (b) search-pda.php, or the (2) calories parameter in a save action in editlogcal.php.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://www.cynops.de/advisories/CVE-2007-1363.txt Vendor Advisory
http://www.dropafew.com/sphpblog/comments.php?y=07&m=04&entry=entry070403-224437 Patch
http://www.securityfocus.com/bid/23400
http://secunia.com/advisories/24861 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33560
Configurations

Configuration 1

cpe:2.3:a:dropafew:dropafew:*:*:*:*:*:*:*:*
Information

Published : 2007-04-11 10:19

Updated : 2017-07-29 01:30

NVD link : CVE-2007-1363

Mitre link : CVE-2007-1363

Products Affected
No products.
CWE
NVD-CWE-Other