Vulnerabilities > CVE-2007-0663 - SQL-Injection vulnerability in Eclectic Designs Cascadianfaq 4.1

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

eclectic-designs

exploit available

NVD

Published: 2007-02-01

Updated: 2011-03-08

Summary

SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter, a different vector than CVE-2007-0631. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerable Configurations

Part	Description	Count
Application	Eclectic_Designs Eclectic Designs Cascadianfaq * Eclectic Designs Cascadianfaq 4.1	2

Exploit-Db

description	CascadianFAQ <= 4.1 (index.php) Remote SQL Injection Vulnerability. CVE-2007-0631,CVE-2007-0663. Webapps exploit for php platform
file	exploits/php/webapps/3227.txt
id	EDB-ID:3227
last seen	2016-01-31
modified	2007-01-30
platform	php
port
published	2007-01-30
reporter	ajann
source	https://www.exploit-db.com/download/3227/
title	CascadianFAQ <= 4.1 index.php Remote SQL Injection Vulnerability
type	webapps

References

http://www.vupen.com/english/advisories/2007/0424