CVE-2007-3290
Published Jun 20, 2007
Last updated 7 years ago
Overview
- Description
- categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the cid parameter, which reveals the path in a forced SQL error message.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 9.3
- Impact score
- 10
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Evaluator
- Comment
- -
- Impact
- More information about this CVE can be found at: http://secunia.com/advisories/25744/
- Solution
- More information about this CVE can be found at: http://secunia.com/advisories/25744/
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:livecms:livecms:3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6729E06-BC0B-403F-A371-D05A1AC71D6B"
},
{
"criteria": "cpe:2.3:a:livecms:livecms:3.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7433D100-7F85-4362-A9A3-A146A248A713"
},
{
"criteria": "cpe:2.3:a:livecms:livecms:3.3_rc1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D0B602AF-2B86-46C8-BF76-0DC7C10A90E8"
},
{
"criteria": "cpe:2.3:a:livecms:livecms:3.3_rc2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "43170132-46EB-444E-BE89-E0C337D2CE61"
},
{
"criteria": "cpe:2.3:a:livecms:livecms:3.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "99DF575A-7541-46F2-A64F-DAED8F9BE64C"
},
{
"criteria": "cpe:2.3:a:livecms:livecms:3.4a:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F2594CC1-7A1D-454B-9CD9-C1DCE2BD31F8"
}
],
"operator": "OR"
}
]
}
]