Vulnerabilities > CVE-2007-1634 - SQL-Injection vulnerability in Net Portal Dynamic System
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Variable extraction vulnerability in grab_globals.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to conduct SQL injection attacks via the _FILES[DB][tmp_name] parameter to print.php, which overwrites the $DB variable with dynamic variable evaluation.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Net Portal Dynamic System (NPDS) <= 5.10 Remote Code Execution. CVE-2007-1634,CVE-2007-1635. Webapps exploit for php platform |
id | EDB-ID:3505 |
last seen | 2016-01-31 |
modified | 2007-03-18 |
published | 2007-03-18 |
reporter | DarkFig |
source | https://www.exploit-db.com/download/3505/ |
title | Net Portal Dynamic System NPDS <= 5.10 - Remote Code Execution |