CVE-2007-1304

CVE-2007-1304

EPSS 1.2%

Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook 23.11.2006, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) country, (3) email, (4) website, and (5) message parameters.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://belsec.com/advisories/142/summary.html http://secunia.com/advisories/24411 http://securityreason.com/securityalert/2350 https://exchange.xforce.ibmcloud.com/vulnerabilities/32811 http://www.securityfocus.com/archive/1/461910/100/0/threaded http://www.securityfocus.com/bid/22820