CVE-2007-3583 - Vulnerability Details - OpenCVE

SQL injection vulnerability in details_news.php in Girlserv ads 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the idnew parameter.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Girlserv	Girlserv Ads

Configuration 1 [-]

cpe:2.3:a:girlserv:girlserv_ads:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/36365
http://secunia.com/advisories/25925
http://www.securityfocus.com/bid/24755
http://www.vupen.com/english/advisories/2007/2434
https://exchange.xforce.ibmcloud.com/vulnerabilities/35253
https://www.exploit-db.com/exploits/4142

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-07-05T20:00:00

Updated: 2024-08-07T14:21:36.385Z

Reserved: 2007-07-05T00:00:00

Link: CVE-2007-3583

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-07-05T20:30:00.000

Modified: 2024-11-21T00:33:35.357

Link: CVE-2007-3583

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-07-03T00:00:00", "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in details_news.php in Girlserv ads 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the idnew parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "girlserv-detailsnews-sql-injection(35253)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35253"}, {"name": "36365", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36365"}, {"name": "24755", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24755"}, {"name": "ADV-2007-2434", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2434"}, {"name": "4142", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/4142"}, {"name": "25925", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25925"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3583", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SQL injection vulnerability in details_news.php in Girlserv ads 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the idnew parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "girlserv-detailsnews-sql-injection(35253)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35253"}, {"name": "36365", "refsource": "OSVDB", "url": "http://osvdb.org/36365"}, {"name": "24755", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24755"}, {"name": "ADV-2007-2434", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2434"}, {"name": "4142", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4142"}, {"name": "25925", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25925"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:21:36.385Z"}, "title": "CVE Program Container", "references": [{"name": "girlserv-detailsnews-sql-injection(35253)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35253"}, {"name": "36365", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36365"}, {"name": "24755", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24755"}, {"name": "ADV-2007-2434", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2434"}, {"name": "4142", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/4142"}, {"name": "25925", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25925"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3583", "datePublished": "2007-07-05T20:00:00", "dateReserved": "2007-07-05T00:00:00", "dateUpdated": "2024-08-07T14:21:36.385Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:girlserv:girlserv_ads:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5E0CBD8-19B4-42FC-8B98-1AA28996FEB4", "versionEndIncluding": "1.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in details_news.php in Girlserv ads 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the idnew parameter."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en details_news.php de Girlserv ads 1.5 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro idnew."}], "id": "CVE-2007-3583", "lastModified": "2024-11-21T00:33:35.357", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-07-05T20:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/36365"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25925"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/24755"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2434"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35253"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/4142"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/36365"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25925"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/24755"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2434"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35253"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/4142"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}