Описание
Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php in a browser aff action in the stats module.
Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php in a browser aff action in the stats module.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-4956
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36634
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36635
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36636
- https://www.exploit-db.com/exploits/4412
- https://www.exploit-db.com/exploits/4413
- https://www.exploit-db.com/exploits/4414
- http://koogar.alorys-hebergement.com/kwsphp/index.php?mod=news&ac=commentaires&id=29
- http://osvdb.org/37180
- http://osvdb.org/37182
- http://secunia.com/advisories/26850
- http://www.securityfocus.com/bid/25679
Связанные уязвимости
Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php in a browser aff action in the stats module.