← back
CVE-2007-2312

CVE-2007-2312

EPSS 1.2%
Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 R15 module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the n parameter to extra/online.php and other unspecified scripts in extra/. NOTE: this might be same vulnerability as CVE-2006-4142; however, there is an intervening vendor fix announcement.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/2170unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://securityreason.com/securityalert/2642https://exchange.xforce.ibmcloud.com/vulnerabilities/33649http://www.attrition.org/pipermail/vim/2007-April/001519.htmlhttp://www.securityfocus.com/archive/1/465612/100/0/threadedhttp://www.securityfocus.com/bid/23478http://www.waraxe.us/advisory-48.html