Description
SQL injection vulnerability in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via certain vectors related to the HaberDetay.asp and rss.asp components, and the id and kid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the combination of the HaberDetay.asp component and the id parameter is already covered by another February 2007 CVE candidate.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Mehmet Ince · textwebappsasp
https://www.exploit-db.com/exploits/3318
References (1)
Core 1
Core References
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0620
Scores
EPSS
0.0082
EPSS Percentile
74.5%
Details
Status
published
Products (1)
aktueldownload/aktueldownload_haber_script
Published
Feb 21, 2007
Tracked Since
Feb 18, 2026