Published: 21/11/2007 Updated: 29/09/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SQL injection vulnerability in modules/banners/click.php in the banners module for bcoos 1.0.10 allows remote malicious users to execute arbitrary SQL commands via the bid parameter. NOTE: it was later reported that 1.0.13 is also affected.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bcoos bcoos 1.0.10

########################## WwWBugReportir ########################################### # # AmnPardaz Security Research & Penetration Testing Group # # Title: Bcoos Multiple Vulnerabilities # Vendor: wwwbcoosnet/ # Bugs: Local File Inclusion, Sql Injection # Vulnerable Version: bcoos 1010 (prior versions also may be affected) # ...

source: wwwsecurityfocuscom/bid/31941/info The 'bcoos' program is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in th ...

CWE-89 http://www.securityfocus.com/bid/26505 http://www.securityfocus.com/bid/31941 http://www.securityfocus.com/bid/31941/exploit http://www.vupen.com/english/advisories/2007/3962 https://exchange.xforce.ibmcloud.com/vulnerabilities/46156 https://exchange.xforce.ibmcloud.com/vulnerabilities/38594 https://www.exploit-db.com/exploits/4637 https://nvd.nist.gov https://www.exploit-db.com/exploits/4637/

CVE-2007-6080

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect