CVE-2007-2537

Current Description

Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 and earlier allow remote authenticated users to execute arbitrary SQL commands via a (1) nickname or (2) Id in a cookie, or (3) the X-Forwarded-For (X_FORWARDED_FOR) HTTP header.

Basic Data

Published: May 09, 2007
Last Modified: October 16, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: SINGLE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 6.5
Severity: MEDIUM
Exploitability Score: 8.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version: 2.3
    Part: Application
    Vendor: Npds
    Product: Npds
    Version: *
    Update: *
    Edition: *
    Language: *
    SW Edition: *
    Target SW: *
    Target HW: *
    Other: *
    Version Start Including: (empty)
    Version End Including: 5.10
    Version Start Excluding: (empty)
    Version End Excluding: (empty)

Vulnerable Software List

Vendor | Product | Versions
Npds | Npds | *

References

Name | URL | Source | Tags
36195 | http://osvdb.org/36195 | OSVDB |
2670 | http://securityreason.com/securityalert/2670 | SREASON |
http://www.aeroxteam.fr/exploit-NPDS-5.10.txt | http://www.aeroxteam.fr/exploit-NPDS-5.10.txt | MISC | Exploit
20070504 NPDS <= 5.10 - Multiple SQL injections | http://www.securityfocus.com/archive/1/467696/100/0/threaded | BUGTRAQ |
23831 | http://www.securityfocus.com/bid/23831 | BID | Exploit
npds-mainfile-sql-injection(34109) | https://exchange.xforce.ibmcloud.com/vulnerabilities/34109 | XF |