CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-4456

SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. NOTE: it was later reported that 2.40 is also affected, and that the component can be used in Joomla! in addition to Mambo.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 70.6%

CVSS Severity

CVSS v2 Score 7.5

References

http://secunia.com/advisories/26556
http://securityreason.com/securityalert/3041
http://www.securityfocus.com/archive/1/477174/100/0/threaded
http://www.securityfocus.com/archive/1/477232/100/0/threaded
http://www.securityfocus.com/bid/25376
https://exchange.xforce.ibmcloud.com/vulnerabilities/36113
https://www.exploit-db.com/exploits/4296
http://secunia.com/advisories/26556
http://securityreason.com/securityalert/3041
http://www.securityfocus.com/archive/1/477174/100/0/threaded
http://www.securityfocus.com/archive/1/477232/100/0/threaded
http://www.securityfocus.com/bid/25376
https://exchange.xforce.ibmcloud.com/vulnerabilities/36113
https://www.exploit-db.com/exploits/4296

Products affected by CVE-2007-4456

Mambo » Mambo » Version: Any

cpe:2.3:a:mambo:mambo:*
Parkview Consultants » Simplefaq » Version: 2.11

cpe:2.3:a:parkview_consultants:simplefaq:2.11
Parkview Consultants » Simplefaq » Version: 2.40

cpe:2.3:a:parkview_consultants:simplefaq:2.40

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-4456

Products

Pricing

Contact Us