CVE-2007-6373

{"id": "CVE-2007-6373", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-12-15T01:46:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=119730791316604&w=2", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/26799", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38945", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in GestDown 1.00 Beta allow remote attackers to execute arbitrary SQL commands via the (1) categorie parameter to catdownload.php, or the id parameter to (2) download.php or (3) hitcounter.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en GestDown 1.00 Beta. Permite que atacantes remotos ejecuten comandos SQL de su elecci\u00f3n, usando (1) el par\u00e1metro categorie pasado a catdownload.php, o el par\u00e1metro id pasado a (2) download.php o (3) hitcounter.php."}], "lastModified": "2017-08-08T01:29:07.290", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gestdown:gestdown:1.00_beta:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06CBC5AF-B1EA-4ACD-BBC2-3F05F979C86B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}