Vulnerabilities > CVE-2007-3128 - SQL Injection vulnerability in IBM Websphere Portal 1.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter. Successful exploitation requires PHP magic_quotes_gpc set to OFF.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/57214/wsportal-sql.txt |
id | PACKETSTORM:57214 |
last seen | 2016-12-05 |
published | 2007-06-19 |
reporter | Jesper Jurcenoks |
source | https://packetstormsecurity.com/files/57214/wsportal-sql.txt.html |
title | wsportal-sql.txt |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0369.html
- http://www.netvigilance.com/advisory0033
- http://www.osvdb.org/34164
- http://www.securityfocus.com/archive/1/471629/100/0/threaded
- http://www.securityfocus.com/bid/24513
- http://www.vupen.com/english/advisories/2007/2237
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34896