{"api_version":"1","generated_at":"2026-04-25T09:56:55+00:00","cve":"CVE-2007-1902","urls":{"html":"https://cve.report/CVE-2007-1902","api":"https://cve.report/api/cve/CVE-2007-1902.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-1902","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-1902"},"summary":{"title":"CVE-2007-1902","description":"Multiple SQL injection vulnerabilities in SonicBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) part and (2) by parameters to (a) search.php, or the (2) id parameter to (b) viewforum.php.","state":"PUBLISHED","assigner":"mitre","published_at":"2007-05-14 21:19:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6.8","severity":"","vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.securityfocus.com/archive/1/468536/100/0/threaded","name":"http://www.securityfocus.com/archive/1/468536/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/33907","name":"http://www.osvdb.org/33907","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.securityfocus.com/bid/23964","name":"http://www.securityfocus.com/bid/23964","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SonicBB Multiple SQL Injection Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.netvigilance.com/advisory0019","name":"http://www.netvigilance.com/advisory0019","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"],"title":"netVigilance, Inc. - Security Advisories","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/1816","name":"http://www.vupen.com/english/advisories/2007/1816","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/25279","name":"http://secunia.com/advisories/25279","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SonicBB SQL Injection and Cross-Site Scripting - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=full-disclosure&m=117914598917534&w=2","name":"http://marc.info/?l=full-disclosure&m=117914598917534&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"'[Full-disclosure] SonicBB version 1.0 Multiple SQL Injection' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34258","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34258","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-1902","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-1902","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"1902","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sonicbb","cpe5":"sonicbb","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T13:13:41.806Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"sonicbb-search-sql-injection(34258)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34258"},{"name":"20070514 SonicBB version 1.0 Multiple SQL Injection Vulnerabilities","tags":["mailing-list","x_refsource_FULLDISC","x_transferred"],"url":"http://marc.info/?l=full-disclosure&m=117914598917534&w=2"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.netvigilance.com/advisory0019"},{"name":"ADV-2007-1816","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2007/1816"},{"name":"20070514 SonicBB version 1.0 Multiple SQL Injection Vulnerabilities","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/468536/100/0/threaded"},{"name":"25279","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/25279"},{"name":"23964","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/23964"},{"name":"33907","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/33907"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-05-14T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple SQL injection vulnerabilities in SonicBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) part and (2) by parameters to (a) search.php, or the (2) id parameter to (b) viewforum.php."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-16T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"sonicbb-search-sql-injection(34258)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34258"},{"name":"20070514 SonicBB version 1.0 Multiple SQL Injection Vulnerabilities","tags":["mailing-list","x_refsource_FULLDISC"],"url":"http://marc.info/?l=full-disclosure&m=117914598917534&w=2"},{"tags":["x_refsource_MISC"],"url":"http://www.netvigilance.com/advisory0019"},{"name":"ADV-2007-1816","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2007/1816"},{"name":"20070514 SonicBB version 1.0 Multiple SQL Injection Vulnerabilities","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/468536/100/0/threaded"},{"name":"25279","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/25279"},{"name":"23964","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/23964"},{"name":"33907","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/33907"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-1902","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple SQL injection vulnerabilities in SonicBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) part and (2) by parameters to (a) search.php, or the (2) id parameter to (b) viewforum.php."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"sonicbb-search-sql-injection(34258)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34258"},{"name":"20070514 SonicBB version 1.0 Multiple SQL Injection Vulnerabilities","refsource":"FULLDISC","url":"http://marc.info/?l=full-disclosure&m=117914598917534&w=2"},{"name":"http://www.netvigilance.com/advisory0019","refsource":"MISC","url":"http://www.netvigilance.com/advisory0019"},{"name":"ADV-2007-1816","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/1816"},{"name":"20070514 SonicBB version 1.0 Multiple SQL Injection Vulnerabilities","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/468536/100/0/threaded"},{"name":"25279","refsource":"SECUNIA","url":"http://secunia.com/advisories/25279"},{"name":"23964","refsource":"BID","url":"http://www.securityfocus.com/bid/23964"},{"name":"33907","refsource":"OSVDB","url":"http://www.osvdb.org/33907"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-1902","datePublished":"2007-05-14T21:00:00.000Z","dateReserved":"2007-04-10T00:00:00.000Z","dateUpdated":"2024-08-07T13:13:41.806Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-05-14 21:19:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sonicbb:sonicbb:1.0:*:*:*:*:*:*:*","matchCriteriaId":"EECC87EC-0B2C-4D65-9E70-5DFE6FCE5119"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"1902","Ordinal":"1","Title":"CVE-2007-1902","CVE":"CVE-2007-1902","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"1902","Ordinal":"1","NoteData":"Multiple SQL injection vulnerabilities in SonicBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) part and (2) by parameters to (a) search.php, or the (2) id parameter to (b) viewforum.php.","Type":"Description","Title":"CVE-2007-1902"},{"CveYear":"2007","CveId":"1902","Ordinal":"2","NoteData":"2007-05-14","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"1902","Ordinal":"3","NoteData":"2018-10-16","Type":"Other","Title":"Modified"}]}}}