CVE-2007-3814 - OpenCVE

Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the idurlo field in the delete_urlo function in (a) index.php in the urlobox module; the iden field in the (2) update_file and (3) del_file functions in (b) index.php in the reviews module; the (4) idnews field in the delete_news function and the (5) idcomm field in the del_comment function in (c) index.php in the news module; the (6) idcomm field in the delete_comments function in (d) index.php in the gallery module; the iden field in the (7) edit_file, (8) update_file, and (9) del_file functions in index.php in the gallery module; the (10) ide and (11) cat fields in the slide_update function in index.php in the gallery module; the iden field in the (12) update_file and (13) del_file functions in (d) index.php in the downloads module; and other unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mkportal	Mkportal

Configuration 1 [-]

cpe:2.3:a:mkportal:mkportal:1.1.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/41719
http://osvdb.org/41720
http://osvdb.org/41721
http://osvdb.org/41722
http://osvdb.org/41723
http://securityreason.com/securityalert/2894
http://www.securityfocus.com/archive/1/473495/100/0/threaded
http://www.securityfocus.com/bid/24886
http://www.securityfocus.com/bid/24891
https://exchange.xforce.ibmcloud.com/vulnerabilities/35391
https://www.exploit-db.com/exploits/4179

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-07-17T00:00:00

Updated: 2024-08-07T14:28:52.513Z

Reserved: 2007-07-16T00:00:00

Link: CVE-2007-3814

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-07-17T00:30:00.000

Modified: 2018-10-15T21:31:02.507

Link: CVE-2007-3814

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-07-12T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the idurlo field in the delete_urlo function in (a) index.php in the urlobox module; the iden field in the (2) update_file and (3) del_file functions in (b) index.php in the reviews module; the (4) idnews field in the delete_news function and the (5) idcomm field in the del_comment function in (c) index.php in the news module; the (6) idcomm field in the delete_comments function in (d) index.php in the gallery module; the iden field in the (7) edit_file, (8) update_file, and (9) del_file functions in index.php in the gallery module; the (10) ide and (11) cat fields in the slide_update function in index.php in the gallery module; the iden field in the (12) update_file and (13) del_file functions in (d) index.php in the downloads module; and other unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "41722", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/41722"}, {"name": "41721", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/41721"}, {"name": "41723", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/41723"}, {"name": "24886", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24886"}, {"name": "20070712 MkPortal - Multiple SQL Injection Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/473495/100/0/threaded"}, {"name": "24891", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24891"}, {"name": "4179", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/4179"}, {"name": "2894", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2894"}, {"name": "mkportal-multiple-sql-injection(35391)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35391"}, {"name": "41719", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/41719"}, {"name": "41720", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/41720"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3814", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the idurlo field in the delete_urlo function in (a) index.php in the urlobox module; the iden field in the (2) update_file and (3) del_file functions in (b) index.php in the reviews module; the (4) idnews field in the delete_news function and the (5) idcomm field in the del_comment function in (c) index.php in the news module; the (6) idcomm field in the delete_comments function in (d) index.php in the gallery module; the iden field in the (7) edit_file, (8) update_file, and (9) del_file functions in index.php in the gallery module; the (10) ide and (11) cat fields in the slide_update function in index.php in the gallery module; the iden field in the (12) update_file and (13) del_file functions in (d) index.php in the downloads module; and other unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "41722", "refsource": "OSVDB", "url": "http://osvdb.org/41722"}, {"name": "41721", "refsource": "OSVDB", "url": "http://osvdb.org/41721"}, {"name": "41723", "refsource": "OSVDB", "url": "http://osvdb.org/41723"}, {"name": "24886", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24886"}, {"name": "20070712 MkPortal - Multiple SQL Injection Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/473495/100/0/threaded"}, {"name": "24891", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24891"}, {"name": "4179", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4179"}, {"name": "2894", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2894"}, {"name": "mkportal-multiple-sql-injection(35391)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35391"}, {"name": "41719", "refsource": "OSVDB", "url": "http://osvdb.org/41719"}, {"name": "41720", "refsource": "OSVDB", "url": "http://osvdb.org/41720"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:28:52.513Z"}, "title": "CVE Program Container", "references": [{"name": "41722", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/41722"}, {"name": "41721", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/41721"}, {"name": "41723", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/41723"}, {"name": "24886", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24886"}, {"name": "20070712 MkPortal - Multiple SQL Injection Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/473495/100/0/threaded"}, {"name": "24891", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24891"}, {"name": "4179", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/4179"}, {"name": "2894", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2894"}, {"name": "mkportal-multiple-sql-injection(35391)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35391"}, {"name": "41719", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/41719"}, {"name": "41720", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/41720"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3814", "datePublished": "2007-07-17T00:00:00", "dateReserved": "2007-07-16T00:00:00", "dateUpdated": "2024-08-07T14:28:52.513Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mkportal:mkportal:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "AABA437C-7076-4F57-B788-BB0DB503619A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the idurlo field in the delete_urlo function in (a) index.php in the urlobox module; the iden field in the (2) update_file and (3) del_file functions in (b) index.php in the reviews module; the (4) idnews field in the delete_news function and the (5) idcomm field in the del_comment function in (c) index.php in the news module; the (6) idcomm field in the delete_comments function in (d) index.php in the gallery module; the iden field in the (7) edit_file, (8) update_file, and (9) del_file functions in index.php in the gallery module; the (10) ide and (11) cat fields in the slide_update function in index.php in the gallery module; the iden field in the (12) update_file and (13) del_file functions in (d) index.php in the downloads module; and other unspecified vectors."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en MKPortal 1.1.1 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del campo (1)idurlo en la funci\u00f3n delete_urlo en (a) index.php; el campo (2) iden en las funciones update_file y (3)del_file en (b) index.php en el m\u00f3dulo reviews; el campo (4) idenews en la funci\u00f3n delete_news y el campo (5)idcomm en la funci\u00f3n del_comment en (c) index.php en el m\u00f3dulo news; el campo (6) idcomm en la funci\u00f3n delete_comments en (d) index.php en el m\u00f3dulo gallery; el campo iden en las funciones (7) edit_file, (8) update_file, y (9) del_file en index.php en el m\u00f3dulo gallery; los campos (10) ide y cat en la funci\u00f3n slide_update en index.php en el m\u00f3dulo gallery; el campo iden en las funciones (12) update_file y (13) del_file en (d) index.php en el m\u00f3dulo downloads; y otros vectores no especificados."}], "id": "CVE-2007-3814", "lastModified": "2018-10-15T21:31:02.507", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-07-17T00:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/41719"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/41720"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/41721"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/41722"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/41723"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2894"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/473495/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24886"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24891"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35391"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/4179"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}