Vulnerabilities > CVE-2007-3394 - Scripts Multiple SQL Injection vulnerability in Endonesia 8.4

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
endonesia
exploit available
NVD
Published: 2007-06-26
Updated: 2018-10-16

Summary

Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via the (1) artid parameter to mod.php in a viewarticle action (publisher mod) and the (2) bid parameter to banners.php in a click action. NOTE: the mod.php viewdisk and viewlink vectors are already covered by CVE-2006-6873.

Vulnerable Configurations

Part Description Count
Application
Endonesia
1

Exploit-Db

  • descriptioneNdonesia 8.4 banners.php click Action bid Parameter SQL Injection. CVE-2007-3394. Webapps exploit for php platform
    idEDB-ID:30226
    last seen2016-02-03
    modified2007-06-22
    published2007-06-22
    reporterlaurent gaffie
    sourcehttps://www.exploit-db.com/download/30226/
    titleeNdonesia 8.4 banners.php click Action bid Parameter SQL Injection
  • descriptioneNdonesia 8.4 mod.php viewarticle Action artid Parameter SQL Injection. CVE-2007-3394. Webapps exploit for php platform
    idEDB-ID:30225
    last seen2016-02-03
    modified2007-06-22
    published2007-06-22
    reporterlaurent gaffie
    sourcehttps://www.exploit-db.com/download/30225/
    titleeNdonesia 8.4 mod.php viewarticle Action artid Parameter SQL Injection

References