Vulnerabilities > CVE-2007-1634 - SQL-Injection vulnerability in Net Portal Dynamic System

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
net-portal-dynamic-system
exploit available
NVD
Published: 2007-03-23
Updated: 2018-10-16

Summary

Variable extraction vulnerability in grab_globals.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to conduct SQL injection attacks via the _FILES[DB][tmp_name] parameter to print.php, which overwrites the $DB variable with dynamic variable evaluation.

Vulnerable Configurations

Part Description Count
Application
Net_Portal_Dynamic_System
1

Exploit-Db

descriptionNet Portal Dynamic System (NPDS) <= 5.10 Remote Code Execution. CVE-2007-1634,CVE-2007-1635. Webapps exploit for php platform
idEDB-ID:3505
last seen2016-01-31
modified2007-03-18
published2007-03-18
reporterDarkFig
sourcehttps://www.exploit-db.com/download/3505/
titleNet Portal Dynamic System NPDS <= 5.10 - Remote Code Execution

References