CVE-2007-1493 - SQL-Injection vulnerability in NukeSentinel
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary
nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description: NukeSentinel = 4.0.24) Remote SQL Injection Exploit. CVE-2007-1493. Webapps exploit for php platform
id: EDB-ID:3450
last seen: 2016-01-31
modified: 2007-03-10
published: 2007-03-10
reporter: DarkFig
source: https://www.exploit-db.com/download/3450/
title: NukeSentinel <= 2.5.06 - Remote SQL Injection Exploit

description: NukeSentinel 2.5.05 (nukesentinel.php) File Disclosure Exploit. CVE-2007-1172,CVE-2007-1493. Webapps exploit for php platform
file: exploits/php/webapps/3338.php
id: EDB-ID:3338
last seen: 2016-01-31
modified: 2007-02-20
platform: php
port:
published: 2007-02-20
reporter: DarkFig
source: https://www.exploit-db.com/download/3338/
title: NukeSentinel 2.5.05 - nukesentinel.php File Disclosure Exploit
type: webapps