CVE-2007-3000 - Input Validation vulnerability in PHP Jackknife 2.21

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, php-jackknife, exploit available

Summary

Multiple SQL injection vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to execute arbitrary SQL commands via (1) the iCategoryUnq parameter to G_Display.php or (2) the iSearchID parameter to Search/DisplayResults.php.

Vulnerable Configurations

Part         Description    Count
Application  Php_Jackknife  1

Exploit-Db

  • description: PHP JackKnife 2.21 (PHPJK) Search/DisplayResults.php iSearchID Parameter SQL Injection. CVE-2007-3000. Webapps exploit for php platform
    id: EDB-ID:30113
    last seen: 2016-02-03
    modified: 2007-05-31
    published: 2007-05-31
    reporter: laurent gaffie
    source: https://www.exploit-db.com/download/30113/
    title: PHP JackKnife 2.21 PHPJK Search/DisplayResults.php iSearchID Parameter SQL Injection
  • description: PHP JackKnife 2.21 (PHPJK) G_Display.php iCategoryUnq Parameter SQL Injection. CVE-2007-3000. Webapps exploit for php platform
    id: EDB-ID:30112
    last seen: 2016-02-03
    modified: 2007-05-31
    published: 2007-05-31
    reporter: laurent gaffie
    source: https://www.exploit-db.com/download/30112/
    title: PHP JackKnife 2.21 PHPJK G_Display.php iCategoryUnq Parameter SQL Injection