Description
SQL injection vulnerability in login.php in Ryan Haudenschilt Battle.net Clan Script for PHP 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) pass parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by h a c k e r _ X · textwebappsphp
https://www.exploit-db.com/exploits/3691
References (5)
Core 5
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24838
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1313
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/34747
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/3691
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/23383
Scores
EPSS
0.0137
EPSS Percentile
80.4%
Details
Status
published
Products (1)
ryan_haudenschilt/battle.net_clan_script
Published
Apr 10, 2007
Tracked Since
Feb 18, 2026