Vulnerability Description
Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, not the vulnerable functions.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Free Lan Intra Internet Portal | Free Lan Intra Internet Portal | <= 1.0_rc2 |
References
- http://osvdb.org/33649
- http://sourceforge.net/project/shownotes.php?release_id=481131&group_id=98260
- http://www.attrition.org/pipermail/vim/2007-February/001282.html
- http://www.vupen.com/english/advisories/2007/0454 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31902
FAQ
What is CVE-2007-0695?
CVE-2007-0695 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources men...
How severe is CVE-2007-0695?
CVE-2007-0695 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-0695?
Check the references section above for vendor advisories and patch information. Affected products include: Free Lan Intra Internet Portal.