CVE-2007-1548

Sažetak

SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \"' (backslash double-quote quote) sequences, which are collapsed into \'', as demonstrated via the name parameter to forum/pop_up_member_search.asp.

Reference

http://ifsec.blogspot.com/2007/03/web-wiz-forums-805-mysql-version-sql.html
http://osvdb.org/34344
http://secunia.com/advisories/24561
http://securityreason.com/securityalert/2456
http://www.securityfocus.com/archive/1/463287/100/0/threaded
http://www.securityfocus.com/bid/23051
http://www.vupen.com/english/advisories/2007/1061
http://www.webwizguide.info/web_wiz_forums/Version%20History.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/33095

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

16-10-2018 - 16:39

Objavljeno

20-03-2007 - 22:19