Vulnerability Details CVE-2007-3354
Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition allow remote attackers to execute arbitrary SQL commands via the s_user_id parameter to ViewCat.php and other unspecified vectors. NOTE: the CatID/ViewCat.php, CatID/gallery.php, and ItemNum/ViewItem.php vectors are already covered by CVE-2005-3978.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.3%
CVSS Severity
CVSS v2 Score 7.5
References
- http://osvdb.org/36330
- http://securityreason.com/securityalert/2824
- http://www.securityfocus.com/archive/1/471944/100/0/threaded
- http://www.securityfocus.com/bid/24584
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34994
- http://osvdb.org/36330
- http://securityreason.com/securityalert/2824
- http://www.securityfocus.com/archive/1/471944/100/0/threaded
- http://www.securityfocus.com/bid/24584
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34994
Products affected by CVE-2007-3354
-
cpe:2.3:a:scriptdevelopers.net:netclassifieds:1.0.1
-
cpe:2.3:a:scriptdevelopers.net:netclassifieds:1.5.1
-
cpe:2.3:a:scriptdevelopers.net:netclassifieds:1.9.6.3