CVE-2007-3526

Loading...

General

Score:7.5/10.0
Severity:High
Category:N/A
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Published on 03/07/07 - Updated on 29/09/17

Description

Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the news_id parameter to view_news.php, (2) the cat_id parameter to view_events.php, or (3) the member_id parameter to video_gallery.php.

Category:

There is insufficient information about the issue to classify it; details are unknown or unspecified.

Security Notices

US National Vulnerability DatabaseCVE-2007-3526

Exploits

Exploit-DBEDB-4128
SecurityFocusBID-24726

Relative technologies

VendorProduct
vastal_i-techbuddy_zone

Share this vulnerability with:

Twitter Facebook LinkedIn Mail