Vulnerability Description
SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \"' (backslash double-quote quote) sequences, which are collapsed into \'', as demonstrated via the name parameter to forum/pop_up_member_search.asp.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webwizguide | Web Wiz Forums | <= 8.05 |
Related Weaknesses (CWE)
References
- http://ifsec.blogspot.com/2007/03/web-wiz-forums-805-mysql-version-sql.htmlExploit
- http://osvdb.org/34344
- http://secunia.com/advisories/24561Vendor Advisory
- http://securityreason.com/securityalert/2456Exploit
- http://www.securityfocus.com/archive/1/463287/100/0/threaded
- http://www.securityfocus.com/bid/23051Exploit
- http://www.vupen.com/english/advisories/2007/1061Vendor Advisory
- http://www.webwizguide.info/web_wiz_forums/Version%20History.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33095
- http://ifsec.blogspot.com/2007/03/web-wiz-forums-805-mysql-version-sql.htmlExploit
- http://osvdb.org/34344
- http://secunia.com/advisories/24561Vendor Advisory
- http://securityreason.com/securityalert/2456Exploit
- http://www.securityfocus.com/archive/1/463287/100/0/threaded
- http://www.securityfocus.com/bid/23051Exploit
FAQ
What is CVE-2007-1548?
CVE-2007-1548 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers...
How severe is CVE-2007-1548?
CVE-2007-1548 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1548?
Check the references section above for vendor advisories and patch information. Affected products include: Webwizguide Web Wiz Forums.