CVE-2007-4956 - OpenCVE

Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php in a browser aff action in the stats module.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kwsphp	Kwsphp

Configuration 1 [-]

cpe:2.3:a:kwsphp:kwsphp:1.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://koogar.alorys-hebergement.com/kwsphp/index.php?mod=news&ac=commentaires&id=29
http://osvdb.org/37180
http://osvdb.org/37182
http://secunia.com/advisories/26850
http://www.securityfocus.com/bid/25679
https://exchange.xforce.ibmcloud.com/vulnerabilities/36634
https://exchange.xforce.ibmcloud.com/vulnerabilities/36635
https://exchange.xforce.ibmcloud.com/vulnerabilities/36636
https://www.exploit-db.com/exploits/4412
https://www.exploit-db.com/exploits/4413
https://www.exploit-db.com/exploits/4414

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-09-18T20:00:00

Updated: 2024-08-07T15:17:27.505Z

Reserved: 2007-09-18T00:00:00

Link: CVE-2007-4956

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-09-18T20:17:00.000

Modified: 2017-09-29T01:29:26.267

Link: CVE-2007-4956

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-09-15T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php in a browser aff action in the stats module."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "kwsphp-memberspace-index-sql-injection(36635)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36635"}, {"name": "4412", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/4412"}, {"tags": ["x_refsource_MISC"], "url": "http://koogar.alorys-hebergement.com/kwsphp/index.php?mod=news&ac=commentaires&id=29"}, {"name": "4413", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/4413"}, {"name": "kwsphp-stats-index-sql-injection(36634)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36634"}, {"name": "4414", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/4414"}, {"name": "kwsphp-login-sql-injection(36636)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36636"}, {"name": "25679", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25679"}, {"name": "26850", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26850"}, {"name": "37182", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37182"}, {"name": "37180", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37180"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4956", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php in a browser aff action in the stats module."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "kwsphp-memberspace-index-sql-injection(36635)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36635"}, {"name": "4412", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4412"}, {"name": "http://koogar.alorys-hebergement.com/kwsphp/index.php?mod=news&ac=commentaires&id=29", "refsource": "MISC", "url": "http://koogar.alorys-hebergement.com/kwsphp/index.php?mod=news&ac=commentaires&id=29"}, {"name": "4413", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4413"}, {"name": "kwsphp-stats-index-sql-injection(36634)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36634"}, {"name": "4414", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4414"}, {"name": "kwsphp-login-sql-injection(36636)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36636"}, {"name": "25679", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25679"}, {"name": "26850", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26850"}, {"name": "37182", "refsource": "OSVDB", "url": "http://osvdb.org/37182"}, {"name": "37180", "refsource": "OSVDB", "url": "http://osvdb.org/37180"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:17:27.505Z"}, "title": "CVE Program Container", "references": [{"name": "kwsphp-memberspace-index-sql-injection(36635)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36635"}, {"name": "4412", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/4412"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://koogar.alorys-hebergement.com/kwsphp/index.php?mod=news&ac=commentaires&id=29"}, {"name": "4413", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/4413"}, {"name": "kwsphp-stats-index-sql-injection(36634)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36634"}, {"name": "4414", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/4414"}, {"name": "kwsphp-login-sql-injection(36636)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36636"}, {"name": "25679", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25679"}, {"name": "26850", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26850"}, {"name": "37182", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37182"}, {"name": "37180", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37180"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4956", "datePublished": "2007-09-18T20:00:00", "dateReserved": "2007-09-18T00:00:00", "dateUpdated": "2024-08-07T15:17:27.505Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kwsphp:kwsphp:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "69750EA0-C35C-4EBA-9593-E9A8664B52B0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php in a browser aff action in the stats module."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en KwsPHP 1.0 permiten a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante (1) el par\u00e1metro pseudo de login.php, (2) el par\u00e1metro id de index.php en una acci\u00f3n carnet editer en el m\u00f3dulo Member_Space (espace_membre), o (3) el par\u00e1metro typenav de index.php en una acci\u00f3n browser aff en el m\u00f3dulo stats."}], "id": "CVE-2007-4956", "lastModified": "2017-09-29T01:29:26.267", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-09-18T20:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://koogar.alorys-hebergement.com/kwsphp/index.php?mod=news&ac=commentaires&id=29"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/37180"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/37182"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26850"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25679"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36634"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36635"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36636"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/4412"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/4413"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/4414"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}