CVE-2007-0052

Current Description

SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows remote attackers to execute arbitrary SQL commands via the id parameter.

Basic Data

PublishedJanuary 04, 2007
Last ModifiedOctober 19, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score7.5
SeverityHIGH
Exploitability Score10.0
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegetrue

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationVizayn HaberVizayn Haber********

Vulnerable Software List

VendorProductVersions
Vizayn Haber Vizayn Haber *

References

NameSourceURLTags
31518http://osvdb.org/31518OSVDB
23576http://secunia.com/advisories/23576SECUNIAVendor Advisory
21836http://www.securityfocus.com/bid/21836BIDExploit
ADV-2007-0015http://www.vupen.com/english/advisories/2007/0015VUPEN
vicayn-haberdetay-sql-injection(31213)https://exchange.xforce.ibmcloud.com/vulnerabilities/31213XF
3061https://www.exploit-db.com/exploits/3061EXPLOIT-DB