Vulnerabilities > CVE-2007-0847 - SQL-Injection vulnerability in Open Tibia Server Cms

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
open-tibia-server-cms
exploit available
NVD
Published: 2007-02-08
Updated: 2017-10-19

Summary

SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to priv.php.

Vulnerable Configurations

Part Description Count
Application
Open_Tibia_Server_Cms
4

Exploit-Db

descriptionOTSCMS <= 2.1.5 (SQL/XSS) Multiple Remote Vulnerabilities. CVE-2007-0846,CVE-2007-0847. Webapps exploit for php platform
fileexploits/php/webapps/3283.txt
idEDB-ID:3283
last seen2016-01-31
modified2007-02-07
platformphp
port
published2007-02-07
reporterGregStar
sourcehttps://www.exploit-db.com/download/3283/
titleotscms <= 2.1.5 sql/XSS Multiple Vulnerabilities
typewebapps

References