Vulnerability Description
Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php in a browser aff action in the stats module.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kwsphp | Kwsphp | 1.0 |
Related Weaknesses (CWE)
References
- http://koogar.alorys-hebergement.com/kwsphp/index.php?mod=news&ac=commentaires&i
- http://osvdb.org/37180
- http://osvdb.org/37182
- http://secunia.com/advisories/26850
- http://www.securityfocus.com/bid/25679
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36634
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36635
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36636
- https://www.exploit-db.com/exploits/4412
- https://www.exploit-db.com/exploits/4413
- https://www.exploit-db.com/exploits/4414
- http://koogar.alorys-hebergement.com/kwsphp/index.php?mod=news&ac=commentaires&i
- http://osvdb.org/37180
- http://osvdb.org/37182
- http://secunia.com/advisories/26850
FAQ
What is CVE-2007-4956?
CVE-2007-4956 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet e...
How severe is CVE-2007-4956?
CVE-2007-4956 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4956?
Check the references section above for vendor advisories and patch information. Affected products include: Kwsphp Kwsphp.