Vulnerabilities > CVE-2007-2006 - SQL-Injection vulnerability in pL-PHP

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

pl-php

exploit available

NVD

Published: 2007-04-12

Updated: 2018-10-16

Summary

Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) pass parameter.

Vulnerable Configurations

Part	Description	Count
Application	Pl-Php PL PHP PL PHP *	1

Exploit-Db

description	pL-PHP beta 0.9 Multiple Remote Vulnerabilities. CVE-2007-2006,CVE-2007-2007,CVE-2007-2008. Webapps exploit for php platform
file	exploits/php/webapps/3704.txt
id	EDB-ID:3704
last seen	2016-01-31
modified	2007-04-10
platform	php
port
published	2007-04-10
reporter	Omni
source	https://www.exploit-db.com/download/3704/
title	pl-php beta 0.9 - Multiple Vulnerabilities
type	webapps

Summary

Vulnerable Configurations

Exploit-Db

References