ByteOS Network

NVD Vulnerability Details :

CVE-2007-1304

Modified

Source-cve@mitre.org

Published At-07 Mar, 2007 | 00:19

Updated At-14 Feb, 2024 | 01:17

Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook 23.11.2006, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) country, (3) email, (4) website, and (5) message parameters.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P

Type: Primary

Version: 2.0

Base score: 6.8

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:P/I:P/A:P

CPE Matches

savas_place>>savas_guestbook>>2006-11-23

cpe:2.3:a:savas_place:savas_guestbook:2006-11-23:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

Evaluator Impact

Successful exploitation requires that "magic_quotes_gpc" is disabled.

References

Hyperlink	Source	Resource
http://belsec.com/advisories/142/summary.html	cve@mitre.org	URL Repurposed
http://secunia.com/advisories/24411	cve@mitre.org	N/A
http://securityreason.com/securityalert/2350	cve@mitre.org	N/A
http://www.securityfocus.com/archive/1/461910/100/0/threaded	cve@mitre.org	N/A
http://www.securityfocus.com/bid/22820	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/32811	cve@mitre.org	N/A