CyberSec.Space Logo
返回 CVE 浏览器

CVE-2007-3354

HIGH
7.5
CVSS Severity Score
EPSS Score0.0750%
EPSS Percentile24.82th
Published2007年6月22日
Last Modified2026年4月23日

Vulnerability Description

Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition allow remote attackers to execute arbitrary SQL commands via the s_user_id parameter to ViewCat.php and other unspecified vectors. NOTE: the CatID/ViewCat.php, CatID/gallery.php, and ItemNum/ViewItem.php vectors are already covered by CVE-2005-3978.

Affected Platforms (CPE)

📦
Scriptdevelopers.net

Netclassifieds

= 1.0.1
📦
Scriptdevelopers.net

Netclassifieds

= 1.0.1
📦
Scriptdevelopers.net

Netclassifieds

= 1.5.1
📦
Scriptdevelopers.net

Netclassifieds

= 1.9.6.3

References & Advisories

🔗 http://osvdb.org/36330
🔗 http://securityreason.com/securityalert/2824
🔗 http://www.securityfocus.com/archive/1/471944/100/0/threaded
🔗 http://www.securityfocus.com/bid/24584
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/34994
🔗 http://osvdb.org/36330
🔗 http://securityreason.com/securityalert/2824
🔗 http://www.securityfocus.com/archive/1/471944/100/0/threaded

相关漏洞威胁

CVE-2007-335710.0

NetClassifieds Premium Edition does not use encryption for (1) stored passwords or (2) sensitive data, which might allow attackers...

CVE-2007-33567.8

NetClassifieds Premium Edition allows remote attackers to obtain sensitive information via certain requests that reveal the path i...

CVE-2005-39787.5

Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition 1.0.1, Professional Edition 1.5.1, Standard Edition 1.9.6...

CVE-2007-33554.3

Multiple cross-site scripting (XSS) vulnerabilities in NetClassifieds Premium Edition allow remote attackers to inject arbitrary w...