Vulnerability Details CVE-2007-1624
Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, and (4) text parameters to save_entry.php, as reachable through add_entry.php; and possibly other unspecified parameters and files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.7%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/24602
- http://www.osvdb.org/34342
- http://www.securityfocus.com/bid/23072
- http://www.vupen.com/english/advisories/2007/1060
- http://secunia.com/advisories/24602
- http://www.osvdb.org/34342
- http://www.securityfocus.com/bid/23072
- http://www.vupen.com/english/advisories/2007/1060
Products affected by CVE-2007-1624
-
cpe:2.3:a:realguestbook:realguestbook:5.01