CVE-2007-1548

Опубликовано: 20 мар. 2007

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via "' (backslash double-quote quote) sequences, which are collapsed into '', as demonstrated via the name parameter to forum/pop_up_member_search.asp.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:webwizguide:web_wiz_forums:*:*:*:*:*:*:*:*

Версия до 8.05 (включая)

cpe:2.3:a:webwizguide:web_wiz_forums:5.21:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:5.22:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_1:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_2:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_3:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_4:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_5:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:6:beta_6:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:6.0:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:6.10:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:6.11:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:6.12:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:6.20:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:6.21:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:6.22:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:6.23:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:6.24:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:6.25:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:6.26:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:6.27:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:6.28:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:6.29:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:6.30:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:6.32:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:6.33:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:6.34:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:7:beta_4:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:7:rc1:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:7.0:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:7.01:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:7.5:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:7.5:beta_1:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:7.6:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:7.7:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:7.7a:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:7.8:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:7.9:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:7.51:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:7.51a:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:7.92:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:7.95:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:7.96:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:8:beta_1:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:8:beta_2:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:8:rc1:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:8:rc1.1:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:8.0:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:8.01:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:8.02:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:8.03:*:*:*:*:*:*:*

cpe:2.3:a:webwizguide:web_wiz_forums:8.04:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.00902

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-pq5v-fxj9-pfm8

github

почти 4 года назад

SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \"' (backslash double-quote quote) sequences, which are collapsed into \'', as demonstrated via the name parameter to forum/pop_up_member_search.asp.