CVE-2007-3909

critical

Description

Multiple SQL injection vulnerabilities in Bandersnatch 0.4 allow remote attackers to execute arbitrary SQL commands via the (1) date and (2) limit parameters to index.php, and other unspecified vectors.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/35406

http://www.securityfocus.com/bid/25094

http://www.portcullis-security.com/uplds/advisories/Bandersnatch%20-%2007-006.txt

http://www.osvdb.org/38268

http://secunia.com/advisories/26202

Details

Source: Mitre, NVD

Published: 2007-07-19

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics