Vulnerabilities > CVE-2007-1493 - SQL-Injection vulnerability in NukeSentinel

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
nukescripts
exploit available
NVD
Published: 2007-03-16
Updated: 2018-10-16

Summary

nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172.

Vulnerable Configurations

Part Description Count
Application
Nukescripts
1

Exploit-Db

  • descriptionNukeSentinel = 4.0.24) Remote SQL Injection Exploit. CVE-2007-1493. Webapps exploit for php platform
    idEDB-ID:3450
    last seen2016-01-31
    modified2007-03-10
    published2007-03-10
    reporterDarkFig
    sourcehttps://www.exploit-db.com/download/3450/
    titleNukeSentinel <= 2.5.06 - Remote SQL Injection Exploit
  • descriptionNukeSentinel 2.5.05 (nukesentinel.php) File Disclosure Exploit. CVE-2007-1172,CVE-2007-1493. Webapps exploit for php platform
    fileexploits/php/webapps/3338.php
    idEDB-ID:3338
    last seen2016-01-31
    modified2007-02-20
    platformphp
    port
    published2007-02-20
    reporterDarkFig
    sourcehttps://www.exploit-db.com/download/3338/
    titleNukeSentinel 2.5.05 - nukesentinel.php File Disclosure Exploit
    typewebapps

References