Vulnerabilities > CVE-2007-3290 - Input Validation vulnerability in LiveCMS
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the cid parameter, which reveals the path in a forced SQL error message. More information about this CVE can be found at: http://secunia.com/advisories/25744/
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 6 |
Exploit-Db
description | LiveCMS <= 3.4 (categoria.php cid) Remote SQL Injection Exploit. CVE-2007-3290,CVE-2007-3291,CVE-2007-3292,CVE-2007-3293. Webapps exploit for php platform |
file | exploits/php/webapps/4082.pl |
id | EDB-ID:4082 |
last seen | 2016-01-31 |
modified | 2007-06-20 |
platform | php |
port | |
published | 2007-06-20 |
reporter | g00ns |
source | https://www.exploit-db.com/download/4082/ |
title | LiveCMS <= 3.4 categoria.php cid Remote SQL Injection Exploit |
type | webapps |