CVE-2007-1363 - SQL Injection vulnerability in DropAFew

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
network, low complexity, dropafew, exploit available

Summary

Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the delete action in (a) search.php or (b) search-pda.php, or the (2) calories parameter in a save action in editlogcal.php.

Vulnerable Configurations

Part         Description  Count
Application  Dropafew     1

Exploit-Db

  • description: DropAFew 0.2 search.php delete Action id Parameter SQL Injection. CVE-2007-1363. Webapps exploit for php platform
    id: EDB-ID:29832
    last seen: 2016-02-03
    modified: 2007-04-10
    published: 2007-04-10
    reporter: Alexander Klink
    source: https://www.exploit-db.com/download/29832/
    title: DropAFew 0.2 - search.php delete Action id Parameter SQL Injection
  • description: DropAFew 0.2 editlogcal.php save Action calories Parameter SQL Injection. CVE-2007-1363. Webapps exploit for php platform
    id: EDB-ID:29833
    last seen: 2016-02-03
    modified: 2007-04-10
    published: 2007-04-10
    reporter: Alexander Klink
    source: https://www.exploit-db.com/download/29833/
    title: DropAFew 0.2 editlogcal.php save Action calories Parameter SQL Injection

Packetstorm

data source: https://packetstormsecurity.com/files/download/55830/AKLINK-SA-2007-002.txt
id: PACKETSTORM:55830
last seen: 2016-12-05
published: 2007-04-11
reporter: Alexander Klink
source: https://packetstormsecurity.com/files/55830/AKLINK-SA-2007-002.txt.html
title: AKLINK-SA-2007-002.txt