Vulnerabilities > CVE-2007-2858 - SQL-Injection vulnerability in Ip-Tracking

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

phpbb

NVD

Published: 2007-05-24

Updated: 2018-10-16

Summary

SQL injection vulnerability in the IP-Search functionality in the IP-Tracking Mod for phpBB 2.0.x allows remote authenticated administrators to execute arbitrary SQL commands via the Search Query field.

Vulnerable Configurations

Part	Description	Count
Application	Phpbb Phpbb IP Tracking 2.0 Phpbb IP Tracking 2.0.1 Phpbb IP Tracking 2.0.2 Phpbb IP Tracking 2.0.3 Phpbb IP Tracking 2.0.4 Phpbb IP Tracking 2.0.5 Phpbb IP Tracking 2.0.6 Phpbb IP Tracking 2.0.7 Phpbb IP Tracking 2.0.8 Phpbb IP Tracking 2.0.9	10

References

http://osvdb.org/37534
http://securityreason.com/securityalert/2731
http://www.securityfocus.com/archive/1/469299/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/34384