7.5
CVE-2007-2854
- EPSS 1.2%
- Published 24.05.2007 19:30:00
- Last modified 16.06.2026 22:40:33
- Source cve@mitre.org
Multiple SQL injection vulnerabilities in account_change.php in BtiTracker 1.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) style or (2) langue parameter.
Data provided by the National Vulnerability Database (NVD)
Bti-tracker ≫ Bti-tracker Version <= 1.4.1
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.2% | 0.64 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
http://osvdb.org/36316
http://secunia.com/advisories/25382
http://www.securityfocus.com/bid/24094
http://www.vupen.com/english/advisories/2007/1921
https://exchange.xforce.ibmcloud.com/vulnerabilities/34447
https://www.exploit-db.com/exploits/3970