CVE-2007-3394 - Unspecified vulnerability in eNdonesia 8.4
Metric | Value |
---|---|
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |

endonesia
exploit available
Summary
Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via the (1) artid parameter to mod.php in a viewarticle action (publisher mod) and the (2) bid parameter to banners.php in a click action. NOTE: the mod.php viewdisk and viewlink vectors are already covered by CVE-2006-6873.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
- description: eNdonesia 8.4 banners.php click Action bid Parameter SQL Injection. CVE-2007-3394. Webapps exploit for php platform
- id: EDB-ID:30226
- last seen: 2016-02-03
- modified: 2007-06-22
- published: 2007-06-22
- reporter: laurent gaffie
- source: https://www.exploit-db.com/download/30226/
- title: eNdonesia 8.4 banners.php click Action bid Parameter SQL Injection

- description: eNdonesia 8.4 mod.php viewarticle Action artid Parameter SQL Injection. CVE-2007-3394. Webapps exploit for php platform
- id: EDB-ID:30225
- last seen: 2016-02-03
- modified: 2007-06-22
- published: 2007-06-22
- reporter: laurent gaffie
- source: https://www.exploit-db.com/download/30225/
- title: eNdonesia 8.4 mod.php viewarticle Action artid Parameter SQL Injection
References
- http://osvdb.org/38227
- http://osvdb.org/38228
- http://securityreason.com/securityalert/2839
- http://www.securityfocus.com/archive/1/472022/100/0/threaded
- http://www.securityfocus.com/bid/24590