Description
Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the delete action in (a) search.php or (b) search-pda.php, or the (2) calories parameter in a save action in editlogcal.php.
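The two injection points in the description share one root cause: a request parameter (`id` in the delete action, `calories` in the save action) is concatenated into a SQL statement instead of being validated and bound. The following is an added example, not DropAFew's code, that reproduces that pattern beside a hardened version on a constructed SQLite table. The table name `foodlog`, its columns, the sample rows and the function names are assumptions; the real application is PHP against MySQL, but the mechanism (string interpolation versus bound parameters) is the same, so Python's standard `sqlite3` module is used so the block runs offline.

```python
import sqlite3

# Constructed, hypothetical schema standing in for the application's log table.
# Names are assumptions; the real DropAFew schema is not on the page.
SCHEMA = """
CREATE TABLE foodlog (
    id       INTEGER PRIMARY KEY,
    user     TEXT    NOT NULL,
    food     TEXT    NOT NULL,
    calories INTEGER NOT NULL
);
"""

# Constructed sample rows for two users.
SEED = [
    (1, "alice", "apple", 95),
    (2, "alice", "bagel", 250),
    (3, "bob", "burrito", 600),
]


def new_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO foodlog VALUES (?, ?, ?, ?)", SEED)
    conn.commit()
    return conn


def calories_by_id(conn):
    return dict(conn.execute("SELECT id, calories FROM foodlog ORDER BY id"))


def delete_vulnerable(conn, user, id_param):
    """Like a delete action that pastes the request's id straight into the query.
    Returns the number of rows deleted."""
    sql = f"DELETE FROM foodlog WHERE user = '{user}' AND id = {id_param}"
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def delete_safe(conn, user, id_param):
    """Hardened: reject anything that is not a decimal integer, then bind it."""
    if not str(id_param).isdecimal():
        raise ValueError("id must be a non-negative integer")
    cur = conn.execute(
        "DELETE FROM foodlog WHERE user = ? AND id = ?", (user, int(id_param))
    )
    conn.commit()
    return cur.rowcount


def save_vulnerable(conn, entry_id, calories_param):
    """Like a save action that pastes the calories field into an UPDATE.
    Returns the number of rows the UPDATE touched."""
    sql = f"UPDATE foodlog SET calories = {calories_param} WHERE id = {entry_id}"
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def save_safe(conn, entry_id, calories_param):
    """Hardened: type-check, then bind both values."""
    if not str(calories_param).isdecimal():
        raise ValueError("calories must be a non-negative integer")
    cur = conn.execute(
        "UPDATE foodlog SET calories = ? WHERE id = ?",
        (int(calories_param), int(entry_id)),
    )
    conn.commit()
    return cur.rowcount


def rejects_payload(fn, conn, *args):
    """True if the hardened function refuses the input before any SQL runs."""
    try:
        fn(conn, *args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # id payload "1 OR 1=1": AND binds tighter than OR, so the WHERE clause becomes
    #   (user = 'alice' AND id = 1) OR 1=1   -> every row, including bob's
    db = new_db()
    print("vulnerable delete removed", delete_vulnerable(db, "alice", "1 OR 1=1"), "rows")

    # calories payload "0 WHERE 1=1 --": supplies its own WHERE clause and comments
    # out the original one, zeroing every user's entries.
    db = new_db()
    print("vulnerable save touched", save_vulnerable(db, 2, "0 WHERE 1=1 --"), "rows")

    db = new_db()
    print("delete_safe rejects:", rejects_payload(delete_safe, db, "alice", "1 OR 1=1"))
    print("save_safe rejects:", rejects_payload(save_safe, db, 2, "0 WHERE 1=1 --"))
```

The vulnerable delete removes all three rows on the `1 OR 1=1` payload and the vulnerable save rewrites every row on the `0 WHERE 1=1 --` payload (the template leaves a space after `--`, which MySQL requires for a line comment; SQLite does not). The hardened versions fail closed on the same input; the bound-parameter form alone would also be safe, but rejecting non-integer input first keeps a malformed value from ever reaching the database.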
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Alexander Klink · text · webapps · php
https://www.exploit-db.com/exploits/29832
exploitdb
WORKING POC
VERIFIED
by Alexander Klink · text · webapps · php
https://www.exploit-db.com/exploits/29833
References (5)
Patch (vendor, confirmed): http://www.dropafew.com/sphpblog/comments.php?y=07&m=04&entry=entry070403-224437
Vendor Advisory, third-party advisory (Secunia 24861): http://secunia.com/advisories/24861
Vendor Advisory (Cynops): http://www.cynops.de/advisories/CVE-2007-1363.txt
Third Party Advisory, VDB Entry (IBM X-Force 33560): https://exchange.xforce.ibmcloud.com/vulnerabilities/33560
Third Party Advisory, VDB Entry (SecurityFocus BID 23400): http://www.securityfocus.com/bid/23400
Scores
EPSS
0.0058
EPSS Percentile
69.1%
Details
Status
published
Products (1)
dropafew/dropafew
< 0.2
Published
Apr 11, 2007
Tracked Since
Feb 18, 2026