CVE-2007-0695 - OpenCVE

Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, not the vulnerable functions.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Free Lan Intra Internet Portal	Free Lan Intra Internet Portal

Configuration 1 [-]

OR	cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal::::::::
	cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:0.9.0.730:::::::*
	cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:0.9.0.1029:::::::*
	cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:1.0_rc1:::::::*

References

Link	Resource
http://osvdb.org/33649
http://sourceforge.net/project/shownotes.php?release_id=481131&group_id=98260
http://www.attrition.org/pipermail/vim/2007-February/001282.html
http://www.vupen.com/english/advisories/2007/0454	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/31902

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-02-03T22:00:00

Updated: 2017-07-28T12:57:01

Reserved: 2007-02-03T00:00:00

Link: CVE-2007-0695

JSON object: View

NVD Information

Status : Modified

Published: 2007-02-03T22:28:00.000

Modified: 2017-07-29T01:30:21.077

Link: CVE-2007-0695

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-24T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, not the vulnerable functions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "flip-multiple-sql-injection(31902)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31902"}, {"name": "ADV-2007-0454", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0454"}, {"name": "20070203 FLIP SQL injection clarification", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://www.attrition.org/pipermail/vim/2007-February/001282.html"}, {"name": "33649", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/33649"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=481131&group_id=98260"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0695", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, not the vulnerable functions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "flip-multiple-sql-injection(31902)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31902"}, {"name": "ADV-2007-0454", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0454"}, {"name": "20070203 FLIP SQL injection clarification", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-February/001282.html"}, {"name": "33649", "refsource": "OSVDB", "url": "http://osvdb.org/33649"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=481131&group_id=98260", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=481131&group_id=98260"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0695", "datePublished": "2007-02-03T22:00:00", "dateReserved": "2007-02-03T00:00:00", "dateUpdated": "2017-07-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:*:*:*:*:*:*:*:*", "matchCriteriaId": "969E0815-2213-4671-AEE2-090F20A8E423", "versionEndIncluding": "1.0_rc2", "vulnerable": true}, {"criteria": "cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:0.9.0.730:*:*:*:*:*:*:*", "matchCriteriaId": "702B5C03-6994-41F8-9C73-7D57ABCC92DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:0.9.0.1029:*:*:*:*:*:*:*", "matchCriteriaId": "367EF43F-CCD2-47FF-9296-B0E3CF2655AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:1.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "E35C6D3D-2086-4C30-97FB-2D4C61792CD1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, not the vulnerable functions."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Free LAN In(tra|ter)net Portal (FLIP) versiones anteriores a 1.0-RC3, permite a atacantes remotos ejecutar comandos SQL arbitrario por medio de vectores no especificados. NOTA: algunas fuentes mencionan las funciones escape_sqlData, implode_sql, e implode_sqlIn, pero \u00e9stas son esquemas de protecci\u00f3n, no las funciones vulnerables."}], "id": "CVE-2007-0695", "lastModified": "2017-07-29T01:30:21.077", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-02-03T22:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/33649"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=481131&group_id=98260"}, {"source": "cve@mitre.org", "url": "http://www.attrition.org/pipermail/vim/2007-February/001282.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/0454"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31902"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}