← back
CVE-2007-3526

CVE-2007-3526

EPSS 2.5%
Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the news_id parameter to view_news.php, (2) the cat_id parameter to view_events.php, or (3) the member_id parameter to video_gallery.php.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/4128unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/38960http://osvdb.org/38961http://osvdb.org/38962https://exchange.xforce.ibmcloud.com/vulnerabilities/35187https://www.exploit-db.com/exploits/4128http://www.securityfocus.com/bid/24726