CVE-2007-3990

critical

Description

SQL injection vulnerability in default.asp in Dora Emlak 1.0, when the goster parameter is set to emlakdetay, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/35555

http://www.vupen.com/english/advisories/2007/2605

http://www.securityfocus.com/bid/25004

http://secunia.com/advisories/26173

Details

Source: Mitre, NVD

Published: 2007-07-25

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00397