PRIOn knowledge basePRION:CVE-2007-4956Sql injection
Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php in a browser aff action in the stats module.
References
koogar.alorys-hebergement.com/kwsphp/index.php?mod=news&ac=commentaires&id=29
osvdb.org/37180
osvdb.org/37182
secunia.com/advisories/26850
www.securityfocus.com/bid/25679
exchange.xforce.ibmcloud.com/vulnerabilities/36634
exchange.xforce.ibmcloud.com/vulnerabilities/36635
exchange.xforce.ibmcloud.com/vulnerabilities/36636
www.exploit-db.com/exploits/4412
www.exploit-db.com/exploits/4413
www.exploit-db.com/exploits/4414
Related
