CVE-2007-6375

EPSS 1.0%

Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to wiki/list_pages.php and the (2) highlight parameter to search/index.php. NOTE: the researcher also reported injection via JavaScript code in the Search box, but this is probably a forced SQL error or other separate primary issue.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/30880unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://securityreason.com/securityalert/3428 https://exchange.xforce.ibmcloud.com/vulnerabilities/38943 http://www.hackerscenter.com/archive/view.asp?id=28129 http://www.securityfocus.com/archive/1/484805/100/0/threaded http://www.securityfocus.com/bid/26801