CVE-2007-0695

Published Feb 3, 2007

Last updated 8 years ago

CVSS info 7.5

Overview

Description: Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, not the vulnerable functions.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "969E0815-2213-4671-AEE2-090F20A8E423",
            "versionEndIncluding": "1.0_rc2"
          },
          {
            "criteria": "cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:0.9.0.730:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "702B5C03-6994-41F8-9C73-7D57ABCC92DC"
          },
          {
            "criteria": "cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:0.9.0.1029:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "367EF43F-CCD2-47FF-9296-B0E3CF2655AC"
          },
          {
            "criteria": "cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:1.0_rc1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E35C6D3D-2086-4C30-97FB-2D4C61792CD1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References