CVE-2007-2299

critical

Description

Multiple SQL injection vulnerabilities in Frogss CMS 0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) dzial parameter to (a) katalog.php, or the (2) t parameter to (b) forum.php or (c) forum/viewtopic.php, different vectors than CVE-2006-4536.

References

https://www.exploit-db.com/exploits/3731

https://exchange.xforce.ibmcloud.com/vulnerabilities/33640

http://www.vupen.com/english/advisories/2007/1388

http://osvdb.org/35528

http://osvdb.org/35527

http://osvdb.org/35526

Details

Source: Mitre, NVD

Published: 2007-04-26

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00824