CVE-2007-4522

Vulnerability Description

Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via one or more of the following vectors: the (1) id parameter to (a) pages/delete_page.php, (b) navigation/delete_menu.php, and (c) navigation/delete_item.php in admin/; the (2) menu_id, (3) name, (3) page_id, and (4) url parameters in (d) admin/navigation/do_new_item.php; the (5) new_menuname parameter in (e) admin/navigation/do_new_nav.php; and (6) area1, name, and url parameters to (f) admin/pages/do_new_page.php. NOTE: some vectors might be reachable through the url and name parameters to (g) admin/navigation/new_nav_item.php. NOTE: the original disclosure does not precisely state which vectors are associated with SQL injection versus XSS.

CVSS Score

Affected Products

References

• http://securityreason.com/securityalert/3058
• http://www.freshervisions.com/ripe/articles/ripe-version-0.8.10/
• http://www.securityfocus.com/archive/1/477320/100/0/threaded
• http://www.securityfocus.com/bid/25406Exploit
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36180
• http://securityreason.com/securityalert/3058
• http://www.freshervisions.com/ripe/articles/ripe-version-0.8.10/
• http://www.securityfocus.com/archive/1/477320/100/0/threaded
• http://www.securityfocus.com/bid/25406Exploit
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36180