Vulnerability CVE-2007-2159

Vulnerability Name:

CVE-2007-2159 (CCN-33586)

Assigned:

2007-04-11

Published:

2007-04-11

Updated:

2011-03-08

Summary:

Multiple cross-site scripting (XSS) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors relating to (1) direct display of data from the database and (2) other portions of the user interface.

CVSS v3 Severity:

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2007-2159

Source: CCN
Type: DRUPAL-SA-2007-013
Multiple vulnerabilities in Database Administration (dba) module

Source: CONFIRM
Type: Patch, Vendor Advisory
http://drupal.org/node/135549

Source: OSVDB
Type: UNKNOWN
34961

Source: CCN
Type: SA24848
Drupal Database Administration Module Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
24848

Source: CCN
Type: OSVDB ID: 34961
Drupal Database Administration Module Multiple Unspecified XSS

Source: CCN
Type: BID-23440
Drupal Database Administration Module Multiple HTML-injection Vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2007-1360

Source: XF
Type: UNKNOWN
drupal-dba-interface-xss(33586)

Vulnerable Configuration:

Configuration 1:

cpe:/a:drupal:database_administration_module:4.6:*:*:*:*:*:*:*

OR cpe:/a:drupal:database_administration_module:4.7:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK