Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2007-4956
Last Modified: 15 Nov 2008 01:59:11
Published: 18 Sep 2007 04:17:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-4956

Summary

Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php in a browser aff action in the stats module.

Vulnerable Systems

Application

  • Kwsphp 1.0


References

BID - 25679

MILW0RM - 4414

MILW0RM - 4413

MILW0RM - 4412

OSVDB - 37182

OSVDB - 37180

XF - kwsphp-login-sql-injection(36636)

XF - kwsphp-memberspace-index-sql-injection(36635)

XF - kwsphp-stats-index-sql-injection(36634)

SECUNIA - 26850

MISC - http://koogar.alorys-hebergement.com/kwsphp/index.php?mod=news&ac=commentaires&id=29


Last Updated: 27 May 2016 10:46:01