CVE-2007-3394 - Scripts Multiple SQL Injection vulnerability in eNdonesia 8.4
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary
Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via the (1) artid parameter to mod.php in a viewarticle action (publisher mod) and the (2) bid parameter to banners.php in a click action. NOTE: the mod.php viewdisk and viewlink vectors are already covered by CVE-2006-6873.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description: eNdonesia 8.4 banners.php click Action bid Parameter SQL Injection. CVE-2007-3394. Webapps exploit for php platform
id: EDB-ID:30226
last seen: 2016-02-03
modified: 2007-06-22
published: 2007-06-22
reporter: laurent gaffie
source: https://www.exploit-db.com/download/30226/
title: eNdonesia 8.4 banners.php click Action bid Parameter SQL Injection

description: eNdonesia 8.4 mod.php viewarticle Action artid Parameter SQL Injection. CVE-2007-3394. Webapps exploit for php platform
id: EDB-ID:30225
last seen: 2016-02-03
modified: 2007-06-22
published: 2007-06-22
reporter: laurent gaffie
source: https://www.exploit-db.com/download/30225/
title: eNdonesia 8.4 mod.php viewarticle Action artid Parameter SQL Injection