Vulnerabilities > CVE-2007-0687 - SQL Injection vulnerability in Michelles L2J DropCalc I-Search.PHP

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
michelle
exploit available

Summary

SQL injection vulnerability in i-search.php in Michelle's L2J Dropcalc 4 and earlier allows remote authenticated users to execute arbitrary SQL commands via the itemid parameter.

Vulnerable Configurations

Part Description Count
Application
Michelle
1

Exploit-Db

descriptionMichelles L2J Dropcalc. CVE-2007-0687. Webapps exploit for php platform
fileexploits/php/webapps/3232.txt
idEDB-ID:3232
last seen2016-01-31
modified2007-01-31
platformphp
port
published2007-01-31
reporterCodebreak
sourcehttps://www.exploit-db.com/download/3232/
titleMichelles L2J Dropcalc <= 4 - Remote SQL Injection Vulnerability
typewebapps