CVE-2007-1493

NukeSentinel <2.5.06 - SQL Injection

Title source: llm

Description

nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172.

Exploits (2)

exploitdb WORKING POC VERIFIED

by DarkFig · phpwebappsphp

https://www.exploit-db.com/exploits/3338

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by DarkFig · phpwebappsphp

https://www.exploit-db.com/exploits/3450

View Code ZIP pw:eip

References (3)

[Exploit] http://attrition.org/pipermail/vim/2007-March/001429.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/462453/100/0/threaded

[Third Party Advisory] http://securityreason.com/securityalert/2430

Scores

EPSS 0.0348

EPSS Percentile 87.4%

Classification

Status draft

Affected Products (1)

nukescripts/nukesentinel < 2.5.06

Timeline

Published Mar 16, 2007

Tracked Since Feb 18, 2026