CVE-2007-0695 - Vulnerability Details - OpenCVE

Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, not the vulnerable functions.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Free Lan Intra Internet Portal	Free Lan Intra Internet Portal

Configuration 1 [-]

OR	cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal::::::::
	cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:0.9.0.730:::::::*
	cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:0.9.0.1029:::::::*
	cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:1.0_rc1:::::::*

No data.

References

Link	Providers
http://osvdb.org/33649
http://sourceforge.net/project/shownotes.php?release_id=481131&group_id=98260
http://www.attrition.org/pipermail/vim/2007-February/001282.html
http://www.vupen.com/english/advisories/2007/0454
https://exchange.xforce.ibmcloud.com/vulnerabilities/31902

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-02-03T22:00:00

Updated: 2024-08-07T12:26:54.389Z

Reserved: 2007-02-03T00:00:00

Link: CVE-2007-0695

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-02-03T22:28:00.000

Modified: 2024-11-21T00:26:30.670

Link: CVE-2007-0695

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-24T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, not the vulnerable functions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "flip-multiple-sql-injection(31902)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31902"}, {"name": "ADV-2007-0454", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0454"}, {"name": "20070203 FLIP SQL injection clarification", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://www.attrition.org/pipermail/vim/2007-February/001282.html"}, {"name": "33649", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/33649"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=481131&group_id=98260"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0695", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, not the vulnerable functions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "flip-multiple-sql-injection(31902)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31902"}, {"name": "ADV-2007-0454", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0454"}, {"name": "20070203 FLIP SQL injection clarification", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-February/001282.html"}, {"name": "33649", "refsource": "OSVDB", "url": "http://osvdb.org/33649"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=481131&group_id=98260", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=481131&group_id=98260"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:26:54.389Z"}, "title": "CVE Program Container", "references": [{"name": "flip-multiple-sql-injection(31902)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31902"}, {"name": "ADV-2007-0454", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0454"}, {"name": "20070203 FLIP SQL injection clarification", "tags": ["mailing-list", "x_refsource_VIM", "x_transferred"], "url": "http://www.attrition.org/pipermail/vim/2007-February/001282.html"}, {"name": "33649", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/33649"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?release_id=481131&group_id=98260"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0695", "datePublished": "2007-02-03T22:00:00", "dateReserved": "2007-02-03T00:00:00", "dateUpdated": "2024-08-07T12:26:54.389Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:*:*:*:*:*:*:*:*", "matchCriteriaId": "969E0815-2213-4671-AEE2-090F20A8E423", "versionEndIncluding": "1.0_rc2", "vulnerable": true}, {"criteria": "cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:0.9.0.730:*:*:*:*:*:*:*", "matchCriteriaId": "702B5C03-6994-41F8-9C73-7D57ABCC92DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:0.9.0.1029:*:*:*:*:*:*:*", "matchCriteriaId": "367EF43F-CCD2-47FF-9296-B0E3CF2655AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:1.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "E35C6D3D-2086-4C30-97FB-2D4C61792CD1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, not the vulnerable functions."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Free LAN In(tra|ter)net Portal (FLIP) versiones anteriores a 1.0-RC3, permite a atacantes remotos ejecutar comandos SQL arbitrario por medio de vectores no especificados. NOTA: algunas fuentes mencionan las funciones escape_sqlData, implode_sql, e implode_sqlIn, pero \u00e9stas son esquemas de protecci\u00f3n, no las funciones vulnerables."}], "id": "CVE-2007-0695", "lastModified": "2024-11-21T00:26:30.670", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-02-03T22:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/33649"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=481131&group_id=98260"}, {"source": "cve@mitre.org", "url": "http://www.attrition.org/pipermail/vim/2007-February/001282.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/0454"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31902"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/33649"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=481131&group_id=98260"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.attrition.org/pipermail/vim/2007-February/001282.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/0454"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31902"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}