ID CVE-2007-1575
Summary Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) unspecified vectors to the (a) calendar and (b) search modules, and (2) an unspecified cookie when the user logs out.
References
Vulnerable Configurations
  • cpe:2.3:a:phprojekt:phprojekt:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:phprojekt:phprojekt:5.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:phprojekt:phprojekt:5.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:phprojekt:phprojekt:5.2:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 16-10-2018 - 16:39)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 22955
bugtraq 20070314 n.runs-SA-2007.003 - PHProjekt 5.2.0 - SQL Injection
confirm http://www.phprojekt.com/index.php?name=News&file=article&sid=276
gentoo GLSA-200706-07
misc http://www.nruns.com/security_advisory_phprojekt_sql_injection.php
secunia
  • 24509
  • 25748
sreason 2466
Last major update 16-10-2018 - 16:39
Published 21-03-2007 - 21:19
Last modified 16-10-2018 - 16:39