CVE-2007-1575

high

Description

Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) unspecified vectors to the (a) calendar and (b) search modules, and (2) an unspecified cookie when the user logs out.

References

http://www.securityfocus.com/bid/22955

http://www.securityfocus.com/archive/1/462789/100/0/threaded

http://www.phprojekt.com/index.php?name=News&file=article&sid=276

http://www.nruns.com/security_advisory_phprojekt_sql_injection.php

http://securityreason.com/securityalert/2466

http://security.gentoo.org/glsa/glsa-200706-07.xml

http://secunia.com/advisories/25748

http://secunia.com/advisories/24509

Details

Source: Mitre, NVD

Published: 2007-03-21

Updated: 2018-10-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High