CVE-2007-4956
CVE-2007-4956
Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php in a browser aff action in the stats module.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencewww.exploit-db.com/exploits/4412unverifiedcve_referencewww.exploit-db.com/exploits/4413unverifiedcve_referencewww.exploit-db.com/exploits/4414unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://koogar.alorys-hebergement.com/kwsphp/index.php?mod=news&ac=commentaires&id=29http://osvdb.org/37180http://osvdb.org/37182http://secunia.com/advisories/26850https://exchange.xforce.ibmcloud.com/vulnerabilities/36634https://exchange.xforce.ibmcloud.com/vulnerabilities/36635https://exchange.xforce.ibmcloud.com/vulnerabilities/36636https://www.exploit-db.com/exploits/4412https://www.exploit-db.com/exploits/4413https://www.exploit-db.com/exploits/4414http://www.securityfocus.com/bid/25679