Vulnerabilities > CVE-2007-3127 - Information Disclosure vulnerability in IBM Websphere Portal 1.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message. Successful exploitation requires PHP magic_quotes_gpc set to OFF.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | WSPortal 1.0 Content.PHP SQL Injection Vulnerability. CVE-2007-3127. Webapps exploit for php platform |
| id | EDB-ID:30197 |
| last seen | 2016-02-03 |
| modified | 2007-06-18 |
| published | 2007-06-18 |
| reporter | Jesper Jurcenoks |
| source | https://www.exploit-db.com/download/30197/ |
| title | WSPortal 1.0 Content.PHP SQL Injection Vulnerability |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0368.html
- http://www.netvigilance.com/advisory0032
- http://www.osvdb.org/34164
- http://www.securityfocus.com/archive/1/471619/100/0/threaded
- http://www.vupen.com/english/advisories/2007/2237
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34894