Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv2

CVE-2007-2537

Published: 09/05/2007 Updated: 16/10/2018
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 655
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Npds

Vulnerability Summary

Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 and previous versions allow remote authenticated users to execute arbitrary SQL commands via a (1) nickname or (2) Id in a cookie, or (3) the X-Forwarded-For (X_FORWARDED_FOR) HTTP header.

Vulnerable Product Search on Vulmon Subscribe to Product

npds npds

Exploits

Exploit DB: Net Portal Dynamic System (NPDS) 5.10 - Remote Code Execution (2)
<?php /*---------------------------------------------------------*\ NPDS <= 510 - Remote Code Execution exploit [|Description:|] Security holes were found in NPDS 510 N°1: Sql Injection in cookies (File Mainfilephp lines 655 to 691) No check is carried out on nicknames or Id which can allow an attacker to modify a SQL request so as ...

References

NVD-CWE-Otherhttp://www.aeroxteam.fr/exploit-NPDS-5.10.txthttp://www.securityfocus.com/bid/23831http://securityreason.com/securityalert/2670http://osvdb.org/36195https://exchange.xforce.ibmcloud.com/vulnerabilities/34109http://www.securityfocus.com/archive/1/467696/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/3855/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionSSRFbuffer overflowCVE-2023-28952CVE-2023-41822CVE-2024-27956CVE-2023-7028CVE-2024-34447CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook