fkie_cve-2007-5688
Vulnerability from fkie_nvd
Published
2007-10-29 19:46
Modified
2024-11-21 00:38
Severity ?
Summary
Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters.
References
cve@mitre.orghttp://secunia.com/advisories/27406Vendor Advisory
cve@mitre.orghttp://www.inj3ct-it.org/exploit/Multi_Host.txtExploit
cve@mitre.orghttp://www.securityfocus.com/archive/1/482838/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/26213Exploit
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/37461
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27406Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.inj3ct-it.org/exploit/Multi_Host.txtExploit
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/482838/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/26213Exploit
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/37461
Impacted products
Vendor Product Version
invision_power_services invision_power_board *
phpbb phpbb *
sebflipper multi-forums_module 1.3.3


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97F5B0EB-44D4-47C6-BEF9-E17787061471",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpbb:phpbb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8370A82D-83E8-4A70-8D04-1FCC6D24CAFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sebflipper:multi-forums_module:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "076B4D89-3928-4017-95E9-7EA1D27D0B3B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en directory.php en el m\u00f3dulo 1.3.3 de Multi-Forums (tambi\u00e9n conocido como Multi Host Forum Pro), para phpBB e Invision Power Board (IPB \u00f3 IP.Board), permiten a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro (1) go y (2) cat."
    }
  ],
  "id": "CVE-2007-5688",
  "lastModified": "2024-11-21T00:38:27.867",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-10-29T19:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27406"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.inj3ct-it.org/exploit/Multi_Host.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/482838/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/26213"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37461"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27406"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.inj3ct-it.org/exploit/Multi_Host.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/482838/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/26213"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37461"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.