CVE-2007-3909

Multiple SQL injection vulnerabilities in Bandersnatch 0.4 allow remote attackers to execute arbitrary SQL commands via the (1) date and (2) limit parameters to index.php, and other unspecified vectors.

Published: Jul 19, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-3909
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
bandersnatch / bandersnatch	0.4	0.4.x

http://secunia.com/advisories/26202
http://www.osvdb.org/38268
http://www.portcullis-security.com/uplds/advisories/Bandersnatch%20-%2007-006.txt
http://www.securityfocus.com/bid/25094
https://exchange.xforce.ibmcloud.com/vulnerabilities/35406

Vulnerability Database

CVE-2007-3909