Vulnerabilities > CVE-2007-1172 - SQL-Injection vulnerability in Nukescripts Nukesentinel 2.5.05

047910
CVSS 6.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
nukescripts
exploit available
NVD
Published: 2007-03-02
Updated: 2018-10-16

Summary

SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit."

Vulnerable Configurations

Part Description Count
Application
Nukescripts
1

Exploit-Db

descriptionNukeSentinel 2.5.05 (nukesentinel.php) File Disclosure Exploit. CVE-2007-1172,CVE-2007-1493. Webapps exploit for php platform
fileexploits/php/webapps/3338.php
idEDB-ID:3338
last seen2016-01-31
modified2007-02-20
platformphp
port
published2007-02-20
reporterDarkFig
sourcehttps://www.exploit-db.com/download/3338/
titleNukeSentinel 2.5.05 - nukesentinel.php File Disclosure Exploit
typewebapps

References